Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor

Threat actors compromised an API belonging to CPUID, a hardware monitoring software vendor, and manipulated download links on the official website to distribute malicious versions of CPU-Z and HWMonitor tools. This supply chain attack exploited trust in a legitimate software provider to deliver malware to victims who believed they were downloading authentic system utilities. Users who installed the trojanized applications may have inadvertently introduced malware onto their systems, potentially enabling further compromise including data theft or persistent access. Organizations should verify software integrity through checksums, utilize official app stores, and maintain endpoint detection solutions to mitigate risks from supply chain compromises. Users of CPUID tools should verify their installations and re-download software directly from verified sources.

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]

Threat actors compromised an API belonging to CPUID, a hardware monitoring software vendor, and manipulated download links on the official website to distribute malicious versions of CPU-Z and HWMonitor tools. This supply chain attack exploited trust in a legitimate software provider to deliver malware to victims who believed they were downloading authentic system utilities. Users who installed the trojanized applications may have inadvertently introduced malware onto their systems, potentially enabling further compromise including data theft or persistent access. Organizations should verify software integrity through checksums, utilize official app stores, and maintain endpoint detection solutions to mitigate risks from supply chain compromises. Users of CPUID tools should verify their installations and re-download software directly from verified sources. Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...] Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]