What's Happening?
The CPUID website, home of the hardware monitoring tools HWMonitor and CPU-Z, was compromised by attackers who hijacked part of its backend and turned its trusted download links into a malware delivery channel. Users first noticed something was wrong when antivirus products flagged freshly downloaded installers, or when the downloaded files carried unexpected names. The compromise was traced to a backend component, not to the software builds: the malicious activity lasted roughly six hours between April 9 and April 10, during which the main site served malicious download links, while CPUID's own release files remained correctly signed, indicating the build and signing pipeline was untouched. The payload targeted 64-bit HWMonitor users. It used a fake CRYPTBASE.dll, named after a legitimate Windows system library so that it would blend in with normal Windows components, and reached out to a command-and-control server to fetch additional payloads.
Why Is It Important?
This is a supply-chain attack on the distribution channel rather than on the code: the attackers never had to touch CPUID's source, build system or signing keys, they only had to control what the download links pointed at. Anyone who fetched the affected installers during the window may have run the malicious loader and should treat the machine as potentially compromised. The incident also shows the limit of code signing as a user-side defence: the fact that CPUID's real builds stayed signed is irrelevant if the link delivered a different file, so what matters is the signature on the file actually downloaded, and whether it names the expected publisher. The broader lesson is that backend components serving download metadata and links need the same protection and monitoring as the build pipeline, since attackers increasingly target trusted platforms precisely because users do not scrutinise downloads from them. Incidents like this erode user trust and the vendor's reputation, which argues for hardening those components and for a response plan that can pull bad links quickly.
What's Next?
CPUID has confirmed the issue is fixed, but the investigation is still working out how the backend API was accessed and how many users downloaded the bad files. Anyone who downloaded from the CPUID site during the window should check their systems: verify the Authenticode signature on the installer they actually saved, look for a CRYPTBASE.dll outside the Windows system directories (the genuine one is Microsoft-signed and lives in System32 and SysWOW64), and review outbound connections made around the install time. The incident may push CPUID and similar vendors to harden the components that serve download links, and it is a reminder that a trusted source is not the same as a verified download: check the signature and the file name of what you received, even from a vendor you rely on.
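As an added example (not code from CPUID or from this article), here are the host checks a practitioner would run on a Windows machine that fetched HWMonitor during the affected window. The article gives no hashes or C2 indicators, so the script keys on the one artifact it does name: a CRYPTBASE.dll that is not the Microsoft-signed copy in the Windows system directories. The CPUID install paths, the Downloads folder and the `hwmonitor*` file-name pattern are assumptions for illustration.

```powershell
# Added triage example, not from the CPUID advisory or the article.
# Assumptions (labelled): HWMonitor lives under the default CPUID folders below,
# and the downloaded installer sits in the user's Downloads folder.
# The genuine CRYPTBASE.dll is Microsoft-signed and lives only in
# System32 / SysWOW64; any other copy is a DLL-sideloading candidate.

$systemDirs  = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$searchRoots = @(
    "$env:ProgramFiles\CPUID",          # assumed default install location
    "${env:ProgramFiles(x86)}\CPUID",   # assumed default install location
    "$env:USERPROFILE\Downloads",       # assumed download location
    "$env:TEMP"                         # installers often unpack here
)

function Get-SignatureSummary {
    # Returns signature status, signer and SHA-256 for one file.
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [PSCustomObject]@{
        Path      = $Path
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        MSSigned  = ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*')
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# 1. CRYPTBASE.dll anywhere outside the Windows system directories.
Write-Host "== CRYPTBASE.dll copies outside System32/SysWOW64 =="
foreach ($root in $searchRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter 'CRYPTBASE.dll' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $systemDirs -notcontains $_.DirectoryName } |
        ForEach-Object { Get-SignatureSummary $_.FullName }
}

# 2. The signature on the installer that was actually downloaded. A valid
#    signature on CPUID's real build says nothing about a file a hijacked
#    link delivered, so this is the file to check.
Write-Host "== Downloaded HWMonitor installers =="
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter 'hwmonitor*' -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureSummary $_.FullName }

# 3. Any live process that has CRYPTBASE.dll mapped from a non-system path.
#    Module enumeration can fail on protected processes, so errors are skipped.
Write-Host "== Processes with CRYPTBASE.dll loaded from a non-system path =="
foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }
    foreach ($m in $mods) {
        if ($m.ModuleName -ieq 'CRYPTBASE.dll' -and
            ($systemDirs -notcontains (Split-Path $m.FileName -Parent))) {
            [PSCustomObject]@{ Process = $proc.ProcessName; PID = $proc.Id; Module = $m.FileName }
        }
    }
}
```

Run it from an elevated PowerShell so module enumeration covers more processes. A CRYPTBASE.dll reported with `MSSigned` false, or loaded from anywhere other than the system directories, is the finding to escalate; the SHA-256 column gives you something to submit to your AV vendor or threat-intel feed, since the article publishes no hashes.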