Overview
- CPUID reports that it fixed a hack which, between April 9 and April 10, swapped download links to point at trojanized installers for CPU-Z, HWMonitor and PerfMonitor.
- The attackers did not alter CPUID’s signed installers and instead served look‑alike packages that paired the app with a fake CRYPTBASE.dll that Windows would load first via DLL sideloading.
- The payload was STX RAT, a remote access tool that lets attackers control the PC and steal browser logins, cryptocurrency wallets and FTP passwords, so experts urge scans and password changes where needed.
- Kaspersky counted more than 150 infections, mostly individuals plus companies in manufacturing, retail, telecoms, consulting and agriculture, with most cases in Brazil, China and Russia and limited visibility in North America and Europe.
- Kaspersky recorded redirects from April 9, 15:00 UTC, to April 10, 10:00 UTC, and researchers linked the incident to a months‑long operation that reused servers from a fake FileZilla site.
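
For the DLL sideloading described in the overview, the following added example (not code from CPUID, Kaspersky or the original page) scans a directory tree for a `CRYPTBASE.dll` that sits beside an executable outside the Windows system directories. The function names, the constructed sample tree and the choice of trusted directories are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Name taken from the report above; extend the set for other system DLL names.
WATCHED_DLLS = {"cryptbase.dll"}


def find_sideload_candidates(root, system_dirs, watched=WATCHED_DLLS):
    """Return paths of watched DLLs that sit beside an .exe outside system_dirs."""
    system_dirs = [Path(d).resolve() for d in system_dirs]
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        here = Path(dirpath).resolve()
        # Copies inside the trusted system directories are expected.
        if any(here == s or s in here.parents for s in system_dirs):
            continue
        lower = {name.lower(): name for name in filenames}
        # Sideloading needs a host program in the same folder as the DLL.
        if not any(name.endswith(".exe") for name in lower):
            continue
        for dll in sorted(watched.intersection(lower)):
            hits.append(here / lower[dll])
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it (no real files touched)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        layout = {
            "Windows/System32": ["cryptbase.dll", "notepad.exe"],  # expected copy
            "Downloads/cpu-z": ["cpuz.exe", "CRYPTBASE.dll"],      # DLL beside app
            "Program Files/Tool": ["tool.exe", "helper.dll"],      # clean install
            "Backup/dlls": ["cryptbase.dll"],                      # no .exe alongside
        }
        for folder, files in layout.items():
            (base / folder).mkdir(parents=True)
            for name in files:
                (base / folder / name).write_bytes(b"")
        found = find_sideload_candidates(base, [base / "Windows"])
        return [p.relative_to(base.resolve()).as_posix() for p in found]


if __name__ == "__main__":
    for path in demo():
        print("review:", path)
```

A hit is a lead for review rather than a verdict: confirm it by checking the file's signature and origin before acting on it.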