Hackers gained unauthorized access to an API for the CPUID project, altering download links on the official website to distribute malicious executables disguised as the popular system utility tools CPU-Z and HWMonitor. These tools, used by millions for hardware monitoring and specifications, were compromised, leading users to download trojanized versions. The malicious file, named HWiNFO_Monitor_Setup, launched a suspicious Russian installer. While direct downloads of the original binaries remained possible, the distribution chain was poisoned, as reported by BleepingComputer.

The attack involved a sophisticated loader using advanced techniques to evade detection. Researchers noted the malware was deeply trojanized, operated largely in memory, and employed techniques to bypass endpoint detection and response (EDR) and antivirus software. The compromised domain, cpuid[.]com, served a malicious file that masqueraded as HWiNFO, another diagnostic tool.

This threat group had previously targeted FileZilla users, indicating a focus on widely adopted software. The downloaded ZIP file was flagged by numerous antivirus engines, with some classifying it as Tedy Trojan or Artemis Trojan, and others identifying it as infostealer malware.

Source: BleepingComputer