What happened
A supply chain attack on CPUID caused malicious downloads to be served through the official website for CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor. Attackers compromised a side API tied to the site and changed distribution links so users were randomly served trojanized files instead of the legitimate installers. CPUID said the compromise lasted for roughly six hours between April 9 and April 10 and that its signed original files were not altered. Later analysis found the malicious packages used DLL sideloading with a file named CRYPTBASE.dll, which handled command-and-control communication and further payload execution after anti-sandbox checks. The final payload was identified as STX RAT, a remote access trojan with infostealer capabilities.
Who is affected
The direct exposure affects users who downloaded CPU-Z 2.19, HWMonitor 1.63, HWMonitor Pro 1.57, or PerfMonitor 2.04 during the compromise window. Based on observed telemetry, more than 150 users downloaded malicious variants, including both individuals and organizations in sectors such as retail, manufacturing, consulting, telecommunications, and agriculture.
Why CISOs should care
This incident matters because it turned trusted hardware utility downloads into a malware delivery channel through an official software site. It also shows how attackers can poison distribution links without modifying the vendor's signed binaries, creating a supply chain risk that may be harder for users to recognize at download time.
3 practical actions
- Identify affected downloads immediately: Determine whether any systems downloaded CPUID tools during the compromised April 9 to April 10 window and isolate those endpoints for review.
- Hunt for DLL sideloading indicators: Check for malicious CRYPTBASE.dll files and related command-and-control activity associated with the trojanized installers.
- Treat official utility downloads as a supply chain risk: Expand software trust reviews to include vendor distribution paths and download infrastructure, not just code signing and file hashes of released binaries.
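The second action above (hunting for CRYPTBASE.dll sideloading) can be started with a simple disk sweep. The script below is an added example written for this brief; it is not CPUID's code and not a published detection from the researchers. It relies on the sideloading pattern the brief describes rather than on hashes: CRYPTBASE.dll is a genuine Windows DLL that belongs under System32, SysWOW64 or WinSxS, so any copy found elsewhere, especially next to an executable such as an installer, is worth triaging. The expected directory list, the sample fixture in `make_sample_tree`, and the file names in it are assumptions constructed for illustration; the SHA-256 each finding carries is for comparison against your own threat intelligence, since the page publishes no hashes.

```python
"""Sweep a filesystem tree for out-of-place copies of CRYPTBASE.dll.

Added example for the CPUID brief (not vendor code). Run on an endpoint as an
administrator, e.g. ``python hunt_cryptbase.py C:\\``, or point it at a mounted
disk image. It reports every CRYPTBASE.dll outside the Windows system
directories, the executables beside it (the likely sideload target), and its
SHA-256 so the result can be checked against an intel feed.
"""
import hashlib
import os
import sys
from dataclasses import dataclass
from typing import List, Tuple

DLL_NAME = "cryptbase.dll"

# Assumption: standard Windows layout. Paths are normalised to forward slashes
# and lower-cased before comparison, so drive letters and case do not matter.
# Anything nested under these directories (e.g. WinSxS component folders) is
# treated as a legitimate location.
EXPECTED_DIRS = (
    "/windows/system32/",
    "/windows/syswow64/",
    "/windows/winsxs/",
)


@dataclass
class Finding:
    path: str                   # full path of the suspicious DLL
    sha256: str                 # hex digest for intel comparison
    neighbours: Tuple[str, ...]  # .exe files in the same directory


def is_expected_location(path: str) -> bool:
    """True if the DLL sits where Windows itself installs CRYPTBASE.dll."""
    normalised = path.replace("\\", "/").lower()
    return any(d in normalised for d in EXPECTED_DIRS)


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_sideload_candidates(root: str, dll_name: str = DLL_NAME) -> List[Finding]:
    """Walk ``root`` and return every copy of ``dll_name`` outside EXPECTED_DIRS."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}  # case-insensitive match
        if dll_name not in by_lower:
            continue
        full = os.path.join(dirpath, by_lower[dll_name])
        if is_expected_location(full):
            continue
        exes = tuple(sorted(f for f in files if f.lower().endswith(".exe")))
        findings.append(Finding(full, sha256_of(full), exes))
    return findings


def make_sample_tree(root: str) -> None:
    """Constructed fixture (not real files): one legitimate-looking copy under
    System32 and one sideload-style copy sitting beside an installer in a
    download folder. File contents are placeholder text, not binaries."""
    legit = os.path.join(root, "Windows", "System32")
    dropped = os.path.join(root, "Users", "alice", "Downloads", "cpu-z_2.19")
    os.makedirs(legit, exist_ok=True)
    os.makedirs(dropped, exist_ok=True)
    with open(os.path.join(legit, "cryptbase.dll"), "wb") as f:
        f.write(b"constructed stand-in for the real system DLL\n")
    with open(os.path.join(dropped, "CRYPTBASE.dll"), "wb") as f:
        f.write(b"constructed stand-in for a dropped DLL\n")
    with open(os.path.join(dropped, "setup.exe"), "wb") as f:
        f.write(b"constructed stand-in for an installer\n")


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemDrive", "C:") + os.sep
    for hit in find_sideload_candidates(start):
        print(f"{hit.path}\n  sha256={hit.sha256}\n  neighbours={list(hit.neighbours)}")
```

The sweep deliberately does not try to judge whether a copy is malicious: a legitimate CRYPTBASE.dll redistributed by some installer will also show up, which is why each finding carries a hash and the neighbouring executables. Compare the hash with the signed system copy's hash on the same build and with your intel feed, and treat any copy beside a CPUID installer downloaded in the April 9 to 10 window as a priority for isolation and analysis.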
