CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Summary
Threat actors compromised the CPUID website, which distributes popular hardware monitoring tools, and served trojanized versions of CPU-Z and HWMonitor. For less than 24 hours, users downloading these tools were at risk of installing the STX Remote Access Trojan (RAT). The breach lasted from April 9th to April 10th, 2024.
IFF Assessment
This is bad news for defenders because it shows how attackers can compromise a legitimate software distribution channel to spread malware, so that users who download from a source they trust end up installing malicious tools.
Defender Context
This incident highlights the critical importance of supply chain security and of verifying the integrity of software downloads, including those from frequently used websites that may themselves be compromised. Defenders should educate users about the risks of downloading software from unofficial or compromised sources and emphasize verifying downloads with digital signatures or checksums.
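One way to apply the checksum advice above, as an added example that is not part of the original report: a fail-closed check of a downloaded installer against SHA-256 values pinned in an internal allowlist rather than read from the download site, since a hash published on a compromised site can be replaced along with the file. The file names, the allowlist and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, pinned):
    """Return (verdict, actual_hash). Fail closed: only 'ok' permits install.

    pinned maps file name -> expected SHA-256 hex, recorded from a channel
    other than the download site (assumption: an internal allowlist).
    """
    actual = sha256_file(path)
    expected = pinned.get(os.path.basename(path))
    if expected is None:
        return "unpinned", actual      # no trusted reference: do not install
    if hmac.compare_digest(actual, expected.strip().lower()):
        return "ok", actual
    return "mismatch", actual          # content differs from the vetted build

def demo():
    """Constructed sample: two byte strings stand in for installers."""
    vetted = b"constructed bytes standing in for the vetted installer"
    served = vetted + b" plus appended constructed payload"
    pinned = {"tool-setup.exe": hashlib.sha256(vetted).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, name, data in (
            ("clean", "tool-setup.exe", vetted),
            ("tampered", "tool-setup.exe", served),
            ("unknown", "other-setup.exe", vetted),
        ):
            path = os.path.join(tmp, label, name)
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as fh:
                fh.write(data)
            results[label] = verify_download(path, pinned)[0]
    return results

if __name__ == "__main__":
    print(demo())
```

A verdict of "mismatch" or "unpinned" should block installation and keep the file and its computed hash for the security team to review.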