CPUID Website Hacked: Malware Spread via CPU-Z and HWMonitor

A major security incident has hit CPUID, after attackers compromised its official website and replaced download links for widely used tools like CPU-Z and HWMonitor with malicious files. The breach raised serious concerns as these utilities are trusted by millions of users worldwide.

Malicious Downloads Disguised as Legitimate Software

The attack was discovered when users noticed unusual behavior in downloaded files, which were being served from unfamiliar cloud storage instead of official servers.

The malware was cleverly disguised as a legitimate installer under the name HWiNFO_Monitor_Setup. Once executed, it displayed a suspicious installer interface in Russian, immediately signaling that something was wrong.

Advanced Malware with Stealth Capabilities

Security researchers revealed that the malware involved was far from basic. It operated mostly in memory and used advanced techniques to avoid detection by antivirus and enterprise-level security systems.

Further analysis identified the threat as STX RAT, powerful information-stealing malware capable of extracting sensitive data from infected systems. It used a technique known as DLL sideloading, via a file named CRYPTBASE.dll, to establish communication with command-and-control servers.

Timeline and Affected Software

The breach occurred between April 9 and April 10, during a period when key members of the development team were unavailable.

Affected versions included:

  • CPU-Z 2.19
  • HWMonitor Pro 1.57
  • HWMonitor 1.63
  • PerfMonitor 2.04

Although the original signed files remained intact, the download links on the website were compromised, leading users to infected versions instead.

Widespread Impact Across Multiple Sectors

The attack impacted over 150 users, including individuals and organizations across industries such as manufacturing, telecommunications, and agriculture. Cases were reported in multiple countries, highlighting the global reach of the incident.

Investigators also linked the attack to the same group behind a recent FileZilla malware campaign, suggesting a pattern of targeting widely used utility software.

What Users Should Do Now

Anyone who downloaded software from CPUID during the affected timeframe should take immediate action:

  • Delete any suspicious installer files
  • Run a full antivirus scan
  • Reinstall the software from the official website
  • Verify file authenticity before installation

Security tools have since begun detecting the malware under names such as Tedy or Artemis Trojan, improving protection against further infections.
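
One way to carry out the "verify file authenticity" step and to look for the CRYPTBASE.dll sideloading artifact named above, in PowerShell. This is an added example, not code from CPUID or the researchers; the function names, the search roots and the `<EXPECTED-PUBLISHER-CN>` placeholder are assumptions, and the publisher name should be taken from a known-good signed copy.

```powershell
# Added example: triage for the incident described above (not CPUID's tooling).
# $ExpectedSigner is a placeholder; copy the publisher name from a known-good build.
param(
    [Parameter(Mandatory)][string]$InstallerPath,
    [string]$ExpectedSigner = '<EXPECTED-PUBLISHER-CN>',
    [string[]]$SearchRoots = @("$env:USERPROFILE\Downloads", $env:TEMP, $env:ProgramData)
)

function Test-InstallerSignature {
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Subject = $subject
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # A valid chain alone is not enough: the signer must be the expected publisher.
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*CN=$Signer*")
    }
}

function Find-StrayCryptbase {
    param([string[]]$Roots)
    # The genuine cryptbase.dll belongs in the Windows system directories.
    $systemDirs = 'System32', 'SysWOW64', 'WinSxS' | ForEach-Object { Join-Path $env:SystemRoot $_ }
    Get-ChildItem -Path $Roots -Filter 'cryptbase.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $dir = $_.DirectoryName
            -not ($systemDirs | Where-Object { $dir.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                Signature   = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                # A copy beside an .exe is the layout DLL sideloading relies on.
                BesideExe   = [bool](Get-ChildItem -LiteralPath $_.DirectoryName -Filter '*.exe' -File)
                LastWritten = $_.LastWriteTime
            }
        }
}

Test-InstallerSignature -Path $InstallerPath -Signer $ExpectedSigner | Format-List
Find-StrayCryptbase -Roots $SearchRoots | Format-Table -AutoSize
```

With the placeholder left unchanged, `Trusted` is always false, so the check fails closed until a real publisher name is supplied. A hit from `Find-StrayCryptbase` is a lead to investigate alongside its signature status and write time, not a verdict.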

Issue Now Resolved

CPUID has confirmed that the compromised links have been fixed and the website is now safe. However, this incident serves as a reminder that even trusted sources can be targeted, and users should always remain cautious when downloading software.

Source: BleepingComputer
