CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID (cpuid.com), a legitimate website hosting popular hardware monitoring tools including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours (April 9-10). During this window, the attackers distributed trojanized versions of these applications containing the STX Remote Access Trojan. Users who downloaded software during this period were exposed to malware capable of providing adversaries with remote access, data exfiltration, and system compromise capabilities. Organizations should audit systems for unexpected CPU-Z or HWMonitor installations, conduct forensic analysis on any affected endpoints, and ensure software is only downloaded from official sources during verified secure periods. The short duration of the compromise may limit the total number of affected users.

Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with

Unknown threat actors compromised CPUID (cpuid.com), a legitimate website hosting popular hardware monitoring tools including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours (April 9-10). During this window, the attackers distributed trojanized versions of these applications containing the STX Remote Access Trojan. Users who downloaded software during this period were exposed to malware capable of providing adversaries with remote access, data exfiltration, and system compromise capabilities. Organizations should audit systems for unexpected CPU-Z or HWMonitor installations, conduct forensic analysis on any affected endpoints, and ensure software is only downloaded from official sources during verified secure periods. The short duration of the compromise may limit the total number of affected users. Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with