Hackers compromise CPUID API, distribute malware via CPU-Z and HWMonitor downloads

Hackers gained unauthorized access to an API used by the CPUID project and altered the download links on the official website so that they served malicious executables disguised as the popular system utilities CPU-Z and HWMonitor. Both tools are used by millions of people to monitor hardware and read out system specifications, so users who followed the site's links received trojanized builds instead of the genuine programs. The malicious file, named HWiNFO_Monitor_Setup, launched a suspicious Russian installer. The original binaries could still be downloaded directly, but the distribution chain that users normally rely on had been poisoned, as Bleeping Computer reported.

The attack used a sophisticated loader with techniques designed to evade detection. Researchers noted that the malware was deeply trojanized, ran mostly in memory, and used methods to bypass endpoint detection and response (EDR) and antivirus software. The compromised domain, cpuid[.]com, served a malicious file that masqueraded as HWiNFO, another diagnostic tool.

The same threat group had previously targeted FileZilla users, indicating a focus on widely used software. The downloaded ZIP file was flagged by numerous antivirus engines: some classified it as the Tedy or Artemis trojan, others identified it as an infostealer.

Source: Bleeping Computer
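The incident above is a download-chain compromise: the vendor's own site handed out a file whose name, container type and content did not match the utility the user asked for. The check below is an added example, not code from CPUID, HWiNFO or Bleeping Computer, showing how an organisation that pins what it expects from a vendor download (filename convention, PE header, SHA-256) can reject an artifact like the one described. The naming pattern, the sample bytes and the pinned hash are all constructed for illustration and are not real CPUID values.

```python
"""Added example: sanity-check an installer fetched from a vendor download link.

Not code from CPUID or Bleeping Computer. The filename convention, the
pinned hash and the sample byte blobs below are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, List, Optional

# What a legitimate download is expected to look like, pinned ahead of time.
# The naming pattern is hypothetical; a real deployment would pin the vendor's
# published SHA-256 (or Authenticode signer) for the exact release in use.
EXPECTED: Dict[str, Optional[str]] = {
    "name_pattern": r"^cpu-z_[0-9.]+-en\.exe$",  # hypothetical naming convention
    "sha256": None,                              # filled in below from the constructed sample
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify_magic(data: bytes) -> str:
    """Identify the container from its leading bytes: PE executable, ZIP archive, or unknown."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08"):
        return "zip"
    return "unknown"


def verify_download(filename: str, data: bytes, expected: Dict[str, Optional[str]]) -> List[str]:
    """Return a list of findings; an empty list means the artifact matches what was pinned."""
    findings: List[str] = []
    if not re.match(expected["name_pattern"] or "", filename):
        findings.append(f"unexpected filename: {filename}")
    kind = classify_magic(data)
    if kind != "pe":
        # A ZIP where an .exe installer was expected is exactly the kind of
        # swap a poisoned download link produces.
        findings.append(f"expected a PE installer, got {kind} container")
    digest = sha256_hex(data)
    if digest != expected["sha256"]:
        findings.append(f"sha256 mismatch: got {digest[:16]}...")
    return findings


# Constructed samples (not real files). GOOD stands in for the genuine installer
# and is what the hash is pinned to; BAD stands in for a swapped-in archive.
GOOD_SAMPLE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"constructed legitimate installer body"
BAD_SAMPLE = b"PK\x03\x04" + b"\x00" * 26 + b"HWiNFO_Monitor_Setup.exe" + b"constructed payload"
EXPECTED["sha256"] = sha256_hex(GOOD_SAMPLE)


def check_samples() -> Dict[str, List[str]]:
    """Run the check against both constructed samples and return the findings per sample."""
    return {
        "good": verify_download("cpu-z_1.00-en.exe", GOOD_SAMPLE, EXPECTED),
        "bad": verify_download("HWiNFO_Monitor_Setup.zip", BAD_SAMPLE, EXPECTED),
    }


if __name__ == "__main__":
    for label, findings in check_samples().items():
        print(label, "OK" if not findings else "; ".join(findings))
```

On Windows the same gate would additionally check the Authenticode signature of the unpacked executable (for example with PowerShell's `Get-AuthenticodeSignature`) against the expected publisher, since a correct filename and PE header alone say nothing about who built the binary. The point of pinning a hash out of band is that a swapped link on the legitimate site gives the user no URL or certificate cue to notice.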
