CPUID Website Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

The official CPUID website was compromised for less than a day, allowing threat actors to serve trojanized versions of popular hardware monitoring tools such as CPU-Z and HWMonitor. These malicious downloads contained the STX remote access trojan, posing risks to users who installed the affected software during the incident window.
What happened
Unknown attackers infiltrated the CPUID website, which hosts hardware monitoring utilities including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor. During this breach, malicious executable files disguised as legitimate downloads were made available to users. The attackers embedded the STX remote access trojan within these installers. The compromise occurred between approximately April 9 at 15:00 UTC and April 10 at 10:00 UTC.
Why it matters
CPUID’s tools are widely used by individuals and professionals for hardware monitoring, so trojanized versions reach a large audience. Users who downloaded software during the compromise window risked installing remote access malware that enables unauthorized control and data breaches. This incident underscores the importance of supply chain security and vigilance when obtaining widely trusted utilities.
What security teams should do
Teams should review any installations of CPUID software obtained between April 9 and April 10 for potential compromise. It is advisable to download clean copies directly from the official website after the threat actor’s access has been removed. Monitoring for signs of STX RAT infection, including unusual network activity or system behavior, may help identify compromised hosts. Incident response measures should be considered if exploitation is suspected.
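One way to start the review described above, as an added example that is not from CPUID or the source article: it flags files named after an affected product whose modification time falls inside the compromise window. The year 2026 (taken from the source URL), the file extensions, the name matching, and the use of modification time as a stand-in for download time are assumptions; the sample records are constructed.

```python
import os
import re
from datetime import datetime, timezone

# Window stated on the page; the year is an assumption taken from the source URL (2026/04).
WINDOW_START = datetime(2026, 4, 9, 15, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 10, 10, 0, tzinfo=timezone.utc)

# Product names from the page, normalized. Matching on file name is a heuristic (assumption).
PRODUCTS = ("cpuz", "hwmonitor", "perfmonitor")  # "hwmonitor" also covers HWMonitor Pro
EXTENSIONS = (".exe", ".zip", ".msi")            # assumed installer/archive types

def is_cpuid_artifact(filename):
    """True if the file name looks like one of the affected CPUID downloads."""
    stem, ext = os.path.splitext(filename.lower())
    norm = re.sub(r"[^a-z0-9]", "", stem)  # "cpu-z_setup" -> "cpuzsetup"
    return ext in EXTENSIONS and any(p in norm for p in PRODUCTS)

def flag_candidates(records):
    """records: iterable of (path, timezone-aware datetime). Returns paths to review."""
    return [path for path, ts in records
            if is_cpuid_artifact(os.path.basename(path))
            and WINDOW_START <= ts.astimezone(timezone.utc) <= WINDOW_END]

def scan_dir(root):
    """Walk a directory tree and flag candidates by file modification time."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                mtime = os.stat(full).st_mtime
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            records.append((full, datetime.fromtimestamp(mtime, tz=timezone.utc)))
    return flag_candidates(records)

# Constructed sample records (paths and timestamps are illustrative, not from the page).
SAMPLE = [
    ("/home/a/Downloads/cpu-z_setup.exe", datetime(2026, 4, 9, 16, 30, tzinfo=timezone.utc)),
    ("/home/a/Downloads/HWMonitor-Pro.zip", datetime(2026, 4, 10, 9, 59, tzinfo=timezone.utc)),
    ("/home/a/Downloads/hwmonitor.exe", datetime(2026, 4, 10, 10, 1, tzinfo=timezone.utc)),
    ("/home/a/Downloads/cpu-z.exe", datetime(2026, 4, 9, 14, 59, tzinfo=timezone.utc)),
    ("/home/a/Downloads/notes.txt", datetime(2026, 4, 9, 20, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for hit in flag_candidates(SAMPLE):
        print("review:", hit)
```

A hit only marks a file for closer inspection; files renamed after download or copied with altered timestamps will not be caught by this check.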
Key technical details
The attackers deployed the STX RAT, a remote access trojan, by trojanizing legitimate CPUID software installers. The breach lasted for roughly 19 hours, during which downloads of CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor could have contained the malware. STX RAT typically gives attackers full remote control of infected systems. Details on the initial exploitation vector or additional post-compromise activity were not disclosed.
Affected organizations/products
The breach affected the CPUID official website and its software offerings, including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, during the indicated timeframe. Users who downloaded any of these tools from cpuid[.]com between April 9, 15:00 UTC and April 10, 10:00 UTC are potentially impacted.
Source attribution
https://thehackernews.com/2026/04/cpuid-breach-distributes-stx-rat-via.html