CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised the CPUID website for nearly 20 hours, replacing legitimate hardware monitoring software installers with malicious files designed to deploy the STX remote access trojan.

Key Points

  • The breach occurred between April 9 and April 10, affecting popular tools including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor.
  • Attackers utilized DLL side-loading by bundling legitimate signed executables with a malicious "CRYPTBASE.dll" file.
  • The STX RAT malware provides attackers with remote control, desktop interaction, and broad data-stealing capabilities.
  • Kaspersky identified over 150 victims across sectors including manufacturing, retail, and telecommunications, with high infection rates in Brazil, Russia, and China.
  • CPUID confirmed the incident resulted from a compromised secondary API, though the company's original signed software files remained untampered.

Why it Matters

This incident highlights the ongoing risk of supply chain attacks, in which trusted software distribution channels are leveraged to deliver malware. Users who downloaded hardware monitoring tools during this window should scan their systems for unauthorized remote access tools and potential data exfiltration.
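
The side-loading layout from the key points (a signed executable with a "CRYPTBASE.dll" placed beside it) can be hunted in image-load telemetry. The following is an added example, not part of the original article: it assumes Sysmon Event ID 7 records already parsed into dictionaries and Windows installed on C:, and the sample events and paths are constructed.

```python
# Added example: flag cryptbase.dll loaded from outside the Windows system directories.
import ntpath

# Directories where Windows keeps its own copy (assumes the OS lives on C:).
SYSTEM_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)
TARGET_DLL = "cryptbase.dll"  # file name reported in the article


def is_system_path(path):
    """True if path resolves to a location inside a Windows system directory."""
    norm = ntpath.normcase(ntpath.normpath(path))  # lowercases, collapses "..\"
    return any(norm.startswith(d + "\\") for d in SYSTEM_DIRS)


def find_sideloads(events):
    """Return image-load events where cryptbase.dll came from a non-system path."""
    hits = []
    for ev in events:
        loaded = ev.get("ImageLoaded", "")
        if ntpath.basename(loaded).lower() != TARGET_DLL or is_system_path(loaded):
            continue
        # A DLL sitting in the loading executable's own folder is the side-loading layout.
        dll_dir = ntpath.normcase(ntpath.dirname(loaded))
        exe_dir = ntpath.normcase(ntpath.dirname(ev.get("Image", "")))
        hits.append({"image": ev.get("Image", ""), "dll": loaded,
                     "same_dir": dll_dir == exe_dir,
                     "signed": ev.get("Signed") == "true"})
    return hits


# Constructed sample events (field names follow Sysmon Event ID 7; paths are made up).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptbase.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\tool\monitor.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\tool\CRYPTBASE.dll", "Signed": "false"},
    {"Image": r"C:\Users\alice\Downloads\tool\monitor.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\cryptbase.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(hit)
```
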

Published by info@thehackernews.com (The Hacker News)