Particle.news

CPUID Confirms Brief Website Hijack That Served Malware via CPU-Z and HWMonitor Links

A six-hour hijack of a CPUID website API swapped trusted download links to a stealthy infostealer.

Overview

  • CPUID said a side API was compromised for about six hours between Thursday and Friday, causing some download buttons to point to malicious installers that have since been removed.
  • Reddit users first raised the alarm when downloads came as "HWiNFO_Monitor_Setup.exe" and launched a Russian-language installer that Windows Defender flagged.
  • Researchers at vx-underground described a multi-stage loader that ran mostly in memory, used a fake CRYPTBASE.dll, and pulled payloads that tried to read saved browser passwords.
  • Several analyses traced the delivery chain to cpuid.com links that redirected to Cloudflare R2 and to infrastructure linked to March attacks that impersonated FileZilla.
  • Anyone who fetched CPU-Z or HWMonitor during the window should scan their PC, change key passwords and enable multi-factor authentication, review account activity, and, for high assurance, consider a clean reinstall.
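As an added example, not code from the article or from CPUID, the following detection pass runs over constructed web-proxy log lines and flags the two symptoms the reports describe: a cpuid.com download redirected off-site (in particular to a Cloudflare R2 host) and an installer filename that does not match the product that was requested. The log format, hostnames, paths and filenames are assumptions made for the example.

```python
import re
from urllib.parse import urlparse
# Cloudflare R2 public-bucket hostname suffixes.
R2_SUFFIXES = (".r2.dev", ".r2.cloudflarestorage.com")
# Expected installer name prefix per product, keyed by a token in the request URL (assumption).
EXPECTED_PREFIX = {"cpu-z": "cpu-z", "hwmonitor": "hwmonitor"}
# Constructed proxy log format: ts client "url" status "location" "filename"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<url>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<location>[^"]*)" "(?P<filename>[^"]*)"$')

# Constructed sample lines; hosts, paths and filenames are illustrative only.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z 10.0.0.5 "https://www.cpuid.com/softwares/cpu-z.html" 200 "" ""
2025-01-01T10:00:03Z 10.0.0.5 "https://www.cpuid.com/downloads/cpu-z/cpu-z_setup.exe" 200 "" "cpu-z_setup.exe"
2025-01-01T10:05:00Z 10.0.0.7 "https://www.cpuid.com/downloads/hwmonitor/setup" 302 "https://pub-0123.r2.dev/HWiNFO_Monitor_Setup.exe" ""
2025-01-01T10:05:01Z 10.0.0.7 "https://pub-0123.r2.dev/HWiNFO_Monitor_Setup.exe" 200 "" "HWiNFO_Monitor_Setup.exe"
2025-01-01T10:09:00Z 10.0.0.9 "https://www.cpuid.com/downloads/hwmonitor/setup" 200 "" "HWiNFO_Monitor_Setup.exe"
"""

def _host(url):
    return (urlparse(url).hostname or "").lower()
def _is_vendor(host):
    return host == "cpuid.com" or host.endswith(".cpuid.com")

def analyse_line(line):
    """Return findings for one log line; an empty list means nothing suspicious."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable line"]
    url, status, location, filename = m["url"], m["status"], m["location"], m["filename"]
    if not _is_vendor(_host(url)):
        return []  # only the vendor's own download flow is in scope
    findings = []
    if status.startswith("3") and location:  # redirect: where does the download really go?
        dst = _host(location)
        if dst.endswith(R2_SUFFIXES):
            findings.append(f"cpuid.com download redirected to Cloudflare R2 host {dst}")
        elif not _is_vendor(dst):
            findings.append(f"cpuid.com download redirected off-site to {dst}")
    product = next((p for p in EXPECTED_PREFIX if p in url.lower()), None)
    if product and filename and not filename.lower().startswith(EXPECTED_PREFIX[product]):
        findings.append(f"served {filename!r} for a {product} download request")
    return findings

def scan(log_text):
    """Map 1-based line number -> findings, for every line that raised any."""
    lines = enumerate(log_text.splitlines(), 1)
    return {n: f for n, l in lines if l.strip() and (f := analyse_line(l))}
```

Running `scan(SAMPLE_LOG)` reports the redirect on line 3 and the mismatched installer name on line 5, while the clean CPU-Z download and the off-vendor fetch itself produce no finding.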