cpuid-hwmonitor
CPUID HWMonitor and CPU-Z Supply Chain Attack (STX RAT)
The official CPUID download page was hijacked: a compromised secondary API redirected legitimate download requests for HWMonitor (v1.63) and CPU-Z to a malicious Cloudflare R2 bucket. The downloaded archive contained a malicious cryptbase.dll, which the legitimate executable sideloaded. The DLL initiated a sophisticated five-stage in-memory execution chain that deployed the STX RAT infostealer, which harvested browser credentials, session cookies, crypto wallet keys, and VPN/FTP credentials.
- Date: 2026-04-09
- Category: Commercial
- Target Surface: Other
- Insertion Phase: distribution
- Impact: Credential theft
- Cause: Compromised Infrastructure
What Was Affected
- Package: cpuid-hwmonitor
- Language: C++
- Component: Application
- Artifact type: application
- Domain type: vendor
- Domain: cpuid.com
Compromised Versions
- 1.63
Incident Context
- Motive: Credential Theft
- Attribution: Third Party
- Transitive: No
- User Impact: 0
- Observed Duration: 0 days
Indicators and Changes
Hashes
External References
Source Data
Source record: proprietary/cpuid-hwmonitor/meta.yaml