CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Ravie Lakshmanan | Apr 12, 2026 | Malware / Threat Intelligence


What’s new

CPUID, the website hosting popular hardware monitoring tools like CPU-Z and HWMonitor, was compromised for less than 24 hours from April 9, 15:00 UTC to April 10, 10:00 UTC. During this time, malicious executables were served, distributing the STX RAT (Remote Access Trojan) through trojanized software downloads. The attack exploited a secondary API feature, but original signed files were not affected. The malicious files contained a legitimate executable and a malicious DLL named ‘CRYPTBASE.dll’ that executed additional payloads while evading detection.

Who’s affected

Over 150 victims have been identified, including individuals and organizations in sectors such as retail, manufacturing, consulting, telecommunications, and agriculture. Most infections have been reported in Brazil, Russia, and China.

What to do

  • Ensure that software is downloaded from official sources only to avoid malicious versions.
  • Implement endpoint protection solutions to detect and mitigate threats like STX RAT.
  • Educate users about the risks of downloading software from third-party sites.
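
A triage check for the bundle layout described above (a legitimate executable shipped beside a DLL named CRYPTBASE.dll), added here as an example and not taken from the original report. The trusted system directories, the function names and the sample directory tree are assumptions; a hit is a lead for review, not a verdict.

```python
import os
import tempfile
from pathlib import Path

DLL_NAME = "cryptbase.dll"  # DLL name reported on this page, matched case-insensitively


def default_trusted_roots():
    # Assumption: the genuine Windows copy lives only under these system directories.
    win = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    return [win / "System32", win / "SysWOW64", win / "WinSxS"]


def is_under(path, roots):
    # Compare resolved paths so a folder merely named "System32" elsewhere is not trusted.
    p = Path(path).resolve()
    return any(r == p or r in p.parents for r in (Path(x).resolve() for x in roots))


def find_sideload_candidates(scan_root, trusted_roots=None):
    """Return [(dll_path, [exe names in the same folder])] for every
    CRYPTBASE.dll under scan_root that is outside the trusted roots."""
    trusted = default_trusted_roots() if trusted_roots is None else trusted_roots
    findings = []
    for dirpath, _dirs, files in os.walk(scan_root):
        hits = [f for f in files if f.lower() == DLL_NAME]
        if not hits or is_under(dirpath, trusted):
            continue
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        findings.append((str(Path(dirpath) / hits[0]), exes))
    return findings


def demo():
    # Constructed directory tree; file names and contents are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        layout = {
            "Windows/System32": ["cryptbase.dll"],                    # expected system copy
            "Users/a/Downloads/tool": ["tool.exe", "CRYPTBASE.dll"],  # layout from the report
            "Users/a/Downloads/clean": ["tool.exe"],                  # no DLL beside the exe
        }
        for folder, names in layout.items():
            (root / folder).mkdir(parents=True)
            for name in names:
                (root / folder / name).write_bytes(b"placeholder")
        found = find_sideload_candidates(root, [root / "Windows/System32"])
        return [(Path(p).relative_to(root).as_posix(), exes) for p, exes in found]


if __name__ == "__main__":
    for dll, exes in demo():
        print(f"review: {dll} beside {exes}")
```

On a real host, call `find_sideload_candidates` on download and application folders and leave `trusted_roots` unset so the Windows system directories are used.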
