www.securityweek.com 4/13/2026, 11:08:34 AM

Attackers hijack CPU-Z installers on CPUID site to spread STX RAT

SecurityWeek reports that the CPUID website was hacked to deliver trojanized downloads of CPU-Z, HWMonitor and PerfMonitor, with the malicious installers hosted by a Russian-speaking threat actor in a supply-chain and watering-hole style campaign. The downloads presented legitimate installers while loading a malicious file (cryptbase[.]dll) via DLL sideloading; the ultimate aim was to drop STX RAT to control affected machines and exfiltrate data such as browser credentials and cryptocurrency wallets.
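A triage check for the sideloading pattern described above, as an added example that is not from the article or from CPUID: it lists copies of `cryptbase.dll` that sit beside an executable outside the directories you declare trusted. It assumes the legitimate system copy lives under the Windows directory; the function names, the demo layout and its file names are constructed for illustration.

```python
import os
import tempfile

def _inside(path, root):
    """True if path is root or lies beneath it (case-normalised, symlinks resolved)."""
    path = os.path.normcase(os.path.realpath(path))
    root = os.path.normcase(os.path.realpath(root))
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False

def find_sideload_candidates(scan_root, trusted_roots, dll_name="cryptbase.dll"):
    """Return [(dll_path, [exe names])] for copies of dll_name that sit beside
    an executable in a directory outside every trusted root."""
    hits = []
    for dirpath, _dirs, files in os.walk(scan_root):
        if any(_inside(dirpath, t) for t in trusted_roots):
            continue
        dlls = [f for f in files if f.lower() == dll_name.lower()]
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        if dlls and exes:
            hits.append((os.path.join(dirpath, dlls[0]), exes))
    return sorted(hits)

def build_demo_tree(base):
    """Constructed sample layout; names and (empty) contents are placeholders."""
    layout = {
        "Windows/System32": ["cryptbase.dll", "cmd.exe"],           # expected location
        "Downloads/unpacked": ["installer.exe", "CRYPTBASE.dll"],   # DLL beside an EXE
        "Downloads/clean": ["installer.exe", "readme.txt"],
    }
    for rel, names in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "wb").close()
    return os.path.join(base, "Windows")  # the trusted root for the demo

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        trusted = build_demo_tree(base)
        for dll, exes in find_sideload_candidates(base, [trusted]):
            print(f"review: {dll} (beside: {', '.join(exes)})")
```

On a real host, pass the Windows directory as the trusted root and point `scan_root` at download and extraction folders; a hit is a lead for hash and signature checks, not a verdict.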

The CPUID maintainer said the incident occurred on 10 April, with the site being compromised for roughly six hours from 00:00 to 06:00 GMT, while Kaspersky observed a longer window from 15:00 on 9 April to 10:00 GMT on 10 April. Security researchers from Breakglass Intelligence link the CPUID operation to a wider 10-month campaign and suggest a Russian-speaking threat actor is behind the activity, with earlier connections to trojanized FileZilla infrastructure.

The incident affected over 150 victims, spanning individuals and organisations across sectors such as manufacturing, retail, telecoms, consulting, and agriculture, and the campaign involved both ZIP archives and standalone installers.


Article by CyberSIXT
