Stay ahead of hackers by seeing into the infostealer economy at https://go.lowlevel.tv/flare2026

https://intel.breakglass.tech/post/cpuid-supply-chain-cryptbase-filezilla-c2-infrastructure

🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

⌨️ KEYBOARD
Like what you hear? Grab a Q5 at https://go.lowlevel.tv/keyboard

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

CPU-Z and HWMonitor (by CPUID) were compromised in a supply chain attack between April 3–10, where download links on the official site were silently replaced with links to a Cloudflare R2 bucket serving trojanized executables. The malicious installer dropped a DLL sideloading chain using NTDLL/.NET in-memory execution to communicate with a C2 server on a high non-standard port (31415). Red flags included Russian-language installer dialogs and a mismatched filename. The attack was caught within days by Reddit users noticing the wrong tool was delivered. The likely initial access vector was an outdated Apache version with known CVEs (including a mod_rewrite path traversal) that allowed attackers to modify download link config files. The same infrastructure and DLL sideloading technique was previously used in a trojanized FileZilla campaign, suggesting a persistent threat actor using multi-jurisdictional infrastructure (Chinese registrar, Caribbean hosting) to complicate attribution and law enforcement response. Defenders can use published Snort/YARA signatures and IOCs to check for compromise.

how does this keep happening? (CPU-Z hacked)