Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor

Summary

Attackers compromised the CPUID project's API and altered the download links on its official website. This allowed them to distribute malware disguised as legitimate installers for CPU-Z and HWMonitor. Users seeking legitimate system monitoring software were served the compromised downloads instead.

IFF Assessment

FOE

This is bad news for defenders as it represents a successful supply chain attack that leveraged trusted software distribution channels to infect users with malware.

Defender Context

This incident highlights the critical risk of supply chain attacks, where attackers compromise legitimate software vendors to distribute malware. Defenders need to be vigilant about verifying software sources and implementing robust endpoint security to detect and prevent the execution of compromised executables.
