The CPUID website was compromised for approximately six hours on April 9-10, with attackers hijacking a backend API to swap legitimate download links for malware-laden installers. Tools like HWMonitor and CPU-Z were affected. The malicious installer targeted 64-bit users, deployed a fake CRYPTBASE.dll to contact a C2 server, ran largely in-memory using PowerShell, compiled a .NET payload on victim machines, and targeted browser credentials via Chrome's IElevation COM interface. CPUID confirmed the breach was fixed and that original signed binaries were not tampered with, but the number of affected users remains unknown. Infrastructure links suggest connections to earlier campaigns targeting FileZilla users.

From go.theregister.com