The compromise of CPUID’s download infrastructure highlights a growing concern in cybersecurity: the vulnerability of software supply chains. Popular tools such as CPU-Z and HWMonitor were briefly distributed with hidden malware, exposing users to significant risk.
The attack lasted less than a day, but that window was enough to affect anyone who downloaded the tools while it was active. The attackers did not alter the official installers on CPUID's servers; instead, download requests were redirected to trojanized copies hosted on external domains.
Those copies bundled the legitimate executable with a malicious DLL placed next to it. Through DLL side-loading, the genuine program loaded the attacker's library in place of the one it expected, so the malware ran inside the trusted process with nothing visibly different to the user.
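To make the side-loading technique concrete from a defender's side, here is an added example (not code from the article, from CPUID, or from the campaign's analysis) that applies two heuristics to Sysmon Event ID 7 "Image loaded" records: an unsigned DLL loaded from the same directory as the executable that loads it, and a DLL carrying the name of a Windows system library loaded from outside the system directories. The log lines, paths, DLL names and the small system-library allow-list are constructed for the example; the heuristics are assumptions about what such a detection looks like, not a description of the specific DLL used in this incident.

```python
"""Heuristic detection of DLL side-loading over Sysmon Event ID 7 records.

Added example, not from the article. Sample events are constructed; field names
follow what Sysmon logs for "Image loaded" (Image, ImageLoaded, Signed,
SignatureStatus), which is an assumption about the export format in use.
"""
import json
from pathlib import PureWindowsPath

# Directories Windows loads its own libraries from (compared case-insensitively).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: a tiny allow-list of library names that ship in System32. In a real
# deployment this is built from a baseline of a clean host, not hard-coded.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "winhttp.dll", "cryptsp.dll"}

# Constructed JSON-lines export of four Image-loaded events for illustration.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\tool\\tool.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\tool\\tool.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\tool\\version.dll", "Signed": "false", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\tool\\tool.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\tool\\helper.dll", "Signed": "false", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\libapp.dll", "Signed": "true", "SignatureStatus": "Valid"}
"""


def parse_sysmon_jsonl(text: str) -> list[dict]:
    """Parse one JSON object per non-empty line, keeping only Event ID 7."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") == 7:
            events.append(ev)
    return events


def _parent(path: str) -> str:
    # Pure path so the logic runs on any OS; lower-cased for comparisons.
    return str(PureWindowsPath(path).parent).lower()


def _is_validly_signed(ev: dict) -> bool:
    return ev.get("Signed", "").lower() == "true" and ev.get("SignatureStatus") == "Valid"


def detect_sideloading(events: list[dict]) -> list[dict]:
    """Return one finding per suspicious DLL load, with the reasons that fired.

    Heuristic 1: the process loads an unsigned DLL from its own directory, which
    is how a trojanized bundle (legit EXE + planted DLL) typically presents.
    Heuristic 2: a DLL with a system-library name is loaded from a non-system
    path, i.e. the application directory won the DLL search order.
    """
    findings = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        loaded_dir = _parent(loaded)
        name = PureWindowsPath(loaded).name.lower()
        reasons = []
        if loaded_dir == _parent(ev["Image"]) and not _is_validly_signed(ev):
            reasons.append("unsigned DLL loaded from the executable's own directory")
        if name in KNOWN_SYSTEM_DLLS and loaded_dir not in SYSTEM_DIRS:
            reasons.append(f"system library name {name} loaded from a non-system path")
        if reasons:
            findings.append({"process": ev["Image"], "dll": loaded, "reasons": reasons})
    return findings


SAMPLE_EVENTS = parse_sysmon_jsonl(SAMPLE_LOG)

if __name__ == "__main__":
    for finding in detect_sideloading(SAMPLE_EVENTS):
        print(finding["process"], "->", finding["dll"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The fourth sample event shows why the directory check alone is not enough: a vendor's own signed helper DLL sitting beside its executable is normal, so the signature status is what separates it from a planted one. Tune the allow-list from a clean baseline before relying on the second heuristic, since a partial list silently misses hijacked names it does not contain.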
The payload delivered in this campaign was STX RAT, a tool capable of remote system control, data theft, and execution of additional malicious code. Such capabilities allow attackers to maintain long-term access and expand their operations.
Interestingly, the same infrastructure had been used in previous campaigns, suggesting limited operational security on the attacker’s side. However, the effectiveness of the method demonstrates how damaging even simple techniques can be.
To address such risks, organizations need better visibility into external threats. Platforms like IntelligenceX help identify malicious infrastructure, monitor data exposure, and track connections between related campaigns.
This incident reinforces the need for a broader security approach that includes both internal protections and external intelligence.