
CPUID Website Compromised to Distribute STX RAT Malware via Hardware Tools

Unknown threat actors compromised the website of CPUID, a prominent hardware monitoring software vendor, to distribute malware through popular tools including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor. The supply chain attack lasted approximately 19 hours, from April 9 at 15:00 UTC to April 10 at 10:00 UTC. The attackers replaced legitimate download links with trojanized executables containing the STX RAT (Remote Access Trojan).

According to Kaspersky, the malicious files leveraged DLL side-loading through a file named 'CRYPTBASE.dll' alongside legitimate signed executables to evade detection. STX RAT is a sophisticated remote access tool capable of in-memory execution of EXE, DLL, PowerShell, and shellcode payloads; reverse proxy and tunneling capabilities; and full desktop interaction. Security firm eSentire notes the malware exposes a broad command set ideal for post-exploitation activities.

Kaspersky has identified more than 150 victims across Brazil, Russia, and China, primarily individuals but also organizations in retail, manufacturing, consulting, telecommunications, and agriculture. The researchers noted that the attackers' poor operational security, including reuse of infrastructure from previous attacks on FileZilla, enabled rapid detection.

The incident highlights ongoing risks in the software supply chain, particularly for widely used system utilities that users routinely download and execute with elevated privileges.
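A defensive triage check for the side-loading pattern described above, added here as an example and not taken from Kaspersky, eSentire or CPUID: it flags any copy of CRYPTBASE.dll found outside a list of trusted system directories and names the executables sitting beside it. The directory layout is constructed, and the trusted-directory list (System32 only in the sample) is an assumption to adjust per host.

```python
import os
import tempfile
from pathlib import Path

# DLL name reported for this campaign (from the article), compared case-insensitively.
SUSPECT_DLL = "cryptbase.dll"


def find_sideload_candidates(root, trusted_roots):
    """Return [(dll_path, [exe names in the same folder])] for out-of-place copies.

    trusted_roots must be full paths; a folder merely *named* System32
    somewhere under a user profile is not trusted.
    """
    trusted = [Path(t).resolve() for t in trusted_roots]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath).resolve()
        if any(here == t or t in here.parents for t in trusted):
            continue  # expected location for the genuine DLL
        match = [f for f in files if f.lower() == SUSPECT_DLL]
        if match:
            # Any executable in this folder would resolve the local DLL first.
            exes = sorted(f for f in files if f.lower().endswith(".exe"))
            findings.append((here / match[0], exes))
    return findings


def build_constructed_tree(base):
    """Constructed sample layout; returns the trusted roots for it (assumption)."""
    layout = {
        "Windows/System32": ["cryptbase.dll", "cmd.exe"],
        "Users/alice/Downloads/hwmonitor": ["HWMonitor.exe", "CRYPTBASE.dll"],
        "Users/alice/Downloads/other": ["tool.exe"],
    }
    for rel, names in layout.items():
        folder = Path(base) / rel
        folder.mkdir(parents=True)
        for name in names:
            (folder / name).write_bytes(b"")
    return [Path(base) / "Windows" / "System32"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        trusted = build_constructed_tree(tmp)
        for dll, exes in find_sideload_candidates(tmp, trusted):
            print(f"{dll} sits beside: {', '.join(exes) or 'no executables'}")
```

A hit is a lead for triage rather than a verdict: confirm it by checking the DLL's signature and comparing it with the copy in the system directory.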
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.