$\"\"$ <\/a><\/div>\n

Unknown risk actors compromised CPUID (“cpuid[.]com”), an internet site\u00a0that hosts fashionable {hardware} monitoring instruments like CPU-Z, HWMonitor, HWMonitor Professional, and PerfMonitor, for lower than 24 hours to serve malicious executables for the software program and deploy a distant entry trojan known as STX\u00a0RAT.<\/p>\n

The incident lasted from roughly April 9, 15:00 UTC, to about April 10, 10:00\u00a0UTC, with the obtain URLs for CPU-Z and HWMonitor installers changed with hyperlinks to malicious\u00a0web sites.<\/p>\n

In\u00a0a put up<\/a> shared on X, CPUID confirmed the breach, attributing it to a compromise of a “secondary characteristic (mainly a facet API)” that brought about the principle\u00a0website to randomly show malicious\u00a0hyperlinks. It is price noting that the assault didn’t influence its signed authentic\u00a0information.<\/p>\n

<\/p>\n

In accordance\u00a0to Kaspersky<\/a>, the names of the rogue web sites are as follows\u00a0–<\/p>\n

cahayailmukreatif.net[.]id<\/li>\n

pub-45c2577dbd174292a02137c18e7b1b5a.r2[.]dev<\/li>\n

transitopalermo[.]com<\/li>\n

vatrobran[.]hr<\/li>\n<\/ul>\n
“The trojanized software program was distributed each as ZIP archives and as standalone installers for the aforementioned merchandise,” the Russian cybersecurity firm stated. “These information include a legit signed executable for the corresponding product and a malicious DLL, which is called ‘CRYPTBASE.dll’ to leverage the DLL side-loading method.”<\/p>\n
The malicious DLL, for its half, contacts an exterior server and executes further payloads, however not earlier than performing anti-sandbox checks to sidestep detection. The\u00a0finish purpose of the marketing campaign is to\u00a0deploy STX\u00a0RAT<\/a>, a RAT with HVNC and broad infostealer capabilities.<\/p>\n
STX RAT “exposes a broad command set for distant management, follow-on payload execution, and post-exploitation actions (e.g., in-memory execution of EXE\/DLL\/PowerShell\/shellcode, reverse proxy\/tunneling, desktop interplay),” eSentire stated in an evaluation of the malware final\u00a0week.<\/p>\n
<\/p>\n
The command-and-control (C2) server handle and the connection configuration\u00a0have been\u00a0reused from\u00a0a prior\u00a0marketing campaign<\/a> that leveraged trojanized FileZilla installers<\/a> hosted on bogus websites to deploy the identical RAT malware. The\u00a0exercise was documented by Malwarebytes early final\u00a0month.<\/p>\n
Kaspersky stated it has recognized greater than 150 victims, principally people who had been affected by the incident. Nevertheless, organizations in retail, manufacturing, consulting, telecommunications, and agriculture have\u00a0additionally been\u00a0impacted. Most\u00a0of the infections are\u00a0positioned in Brazil, Russia, and\u00a0China.<\/p>\n
“The gravest mistake attackers made was to reuse the identical an infection chain involving STX RAT, and the identical domains for C2 communication, from the earlier assault associated to faux FileZilla installers,” Kaspersky stated. “The general malware growth\/deployment and operational safety capabilities of the risk actor behind this assault are fairly low, which, in flip, made it potential to detect the watering gap compromise as quickly because it\u00a0began.”<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"
\ue804Ravie Lakshmanan\ue802Apr 12, 2026Malware \/ Menace Intelligence Unknown risk actors compromised CPUID (“cpuid[.]com”), an internet site\u00a0that hosts fashionable {hardware} monitoring instruments like CPU-Z, HWMonitor, HWMonitor Professional, and PerfMonitor, for lower than 24 hours to serve malicious executables for the software program and deploy a distant entry trojan known as STX\u00a0RAT. The incident lasted from roughly […]<\/p>\n","protected":false},"author":2,"featured_media":13718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[641,8653,8657,8654,2916,8658,1538,8655,8656],"class_list":["post-13716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cpuid","tag-cpuz","tag-distributes","tag-downloads","tag-hwmonitor","tag-rat","tag-stx","tag-trojanized"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13716"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13716\/revisions"}],"predecessor-version":[{"id":13717,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13716\/revisions\/13717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/13718"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}