CPUID Website Hijacked to Serve Malware, Affecting HWMonitor Downloads
The CPUID website, known for hardware monitoring tools such as HWMonitor and CPU-Z, was compromised by attackers who hijacked part of its backend, turning trusted download links into a delivery mechanism for malware. Users began noticing the problem when installers triggered antivirus alerts or when files appeared under unusual names. The breach was attributed to a compromised backend component, not the software builds themselves. The malicious activity lasted approximately six hours between April 9 and April 10, during which the main website displayed malicious links. The files themselves remained properly signed, indicating the build process was not compromised. The malware targeted 64-bit HWMonitor users, using a fake CRYPTBASE.dll to blend in with legitimate Windows components and to contact a command-and-control server for additional payloads.
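A defensive check for the CRYPTBASE.dll detail above, as an added example that is not part of the original article or any CPUID code: it walks an extracted download or install folder and reports DLLs whose names match Windows system DLLs, with their architecture and SHA-256. It assumes the fake DLL sits in the application's own folder rather than in a Windows system directory; every DLL name other than CRYPTBASE.dll, and the `fake_pe` sample bytes, are constructed for illustration.

```python
import hashlib, os, struct, sys
from pathlib import Path

# DLL names that normally exist only in the Windows system directories.
# CRYPTBASE.dll is the name reported above; the rest are an illustrative,
# non-exhaustive assumption.
SYSTEM_DLL_NAMES = {"cryptbase.dll", "version.dll", "dwmapi.dll", "winhttp.dll"}
MACHINES = {0x8664: "x64", 0x014C: "x86", 0xAA64: "arm64"}

def pe_machine(data):
    """Return the architecture of a PE image, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if len(data) < pe_off + 6 or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, hex(machine))

def find_shadowing_dlls(root):
    """Walk a download or install folder and report system-named DLLs in it."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in SYSTEM_DLL_NAMES:  # Windows names are case-insensitive
                continue
            full = Path(dirpath) / name
            data = full.read_bytes()
            findings.append({
                "path": full.relative_to(root).as_posix(),
                "arch": pe_machine(data),  # None means the file is not a PE image
                "sha256": hashlib.sha256(data).hexdigest(),
            })
    return sorted(findings, key=lambda f: f["path"])

def fake_pe(machine):
    """Constructed sample: only the header bytes that pe_machine() inspects."""
    return (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
            + b"PE\0\0" + struct.pack("<H", machine))

if __name__ == "__main__":
    for f in find_shadowing_dlls(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['path']}  arch={f['arch']}  sha256={f['sha256']}")
```

A hit is a lead to triage, not a verdict: compare the reported hash and signature against the copy in the Windows system directory before drawing conclusions.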