Supply Chain Attack - Malware Disguised as CPU-Z and HWMonitor

Significant risk — action recommended within 24-48 hours
Basically, hackers tricked users into downloading harmful software disguised as popular system tools.
Hackers compromised CPUID's API, redirecting users to malicious downloads for CPU-Z and HWMonitor. Millions could be at risk from this sophisticated malware. Stay vigilant and check your downloads!
What Happened
Hackers executed a supply chain attack on the CPUID project, manipulating the official download links for the widely used tools CPU-Z and HWMonitor. By gaining access to an API, they redirected users to download malicious executables instead of the legitimate software. This incident raises significant concerns given the millions of users who rely on these tools for monitoring their computer's health.
How It Works
The malicious files were hosted on a compromised domain, specifically designed to masquerade as legitimate software. Users reported that the download links pointed to a trojanized version of HWiNFO, another diagnostic tool. The malicious file, named HWiNFO_Monitor_Setup, launches a suspicious installer that is atypical for legitimate software. The malware employs advanced techniques to evade detection, operating primarily in memory and using proxy methods to avoid security software.
Who's Being Targeted
The attack primarily targets users of CPU-Z and HWMonitor, two tools with a vast user base. These tools are essential for many users, including gamers and IT professionals, who depend on accurate hardware monitoring and diagnostics. The compromised download links were only active for a short period, approximately six hours, but they could have impacted a significant number of users during that time.
Signs of Infection
Users who downloaded the compromised versions might notice unusual behavior from their systems. Signs of infection could include:
- Unexpected pop-ups or prompts during installation.
- Unrecognized processes running in the background.
- Antivirus flags on the downloaded files.
How to Protect Yourself
To safeguard against such attacks, users should:
- Always download software from official websites or trusted sources.
- Verify the integrity of downloaded files using checksums when available.
- Keep antivirus software updated and run regular scans.
What You Should Do
If you suspect that you have downloaded the malicious version of CPU-Z or HWMonitor, it is crucial to take immediate action. Uninstall the software, run a complete system scan with an updated antivirus program, and monitor your system for any unusual activity. Additionally, stay informed about updates from CPUID regarding the incident and follow any recommended actions they provide.
🔍 How to Check If You're Affected
1. Check your download history for CPU-Z or HWMonitor installations from April 9-10.
2. Run a full system scan with updated antivirus software.
3. Look for unusual processes or applications in your task manager.
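The triage steps above and the checksum advice under "How to Protect Yourself" can be scripted. The PowerShell below is an added example, not code from CPUID or from the original advisory: it lists installers in the Downloads folder whose names match the tools named on this page (including the reported HWiNFO_Monitor_Setup), computes each one's SHA-256 for comparison with the vendor's published checksum, checks the Authenticode signature, and then lists running processes whose image lives in a user temp directory. The Downloads path, the date window's year (the page gives only April 9-10), and the expected publisher pattern are assumptions to adjust; the known-good hash is a placeholder that must be taken from the official CPUID download page.

```powershell
# Added example (not from CPUID or the original article). Assumptions are marked.

# Assumption: default Downloads folder; change if the browser saves elsewhere.
$Downloads = Join-Path $env:USERPROFILE 'Downloads'

# Assumption: the advisory gives April 9-10 without a year, so the current year is used.
$Start = (Get-Date -Month 4 -Day 9).Date
$End   = (Get-Date -Month 4 -Day 11).Date

# Installer names taken from this advisory. HWiNFO_Monitor_Setup is the reported trojan name.
$Patterns = @('cpu-z*', 'hwmonitor*', 'HWiNFO_Monitor_Setup*')

# Assumption: obtain the real subject from a known-good installer's signature and adjust.
$ExpectedSignerPattern = 'CPUID'

# Placeholder only: copy the real SHA-256 from the official CPUID download page.
$KnownGoodSha256 = @{
    'cpu-z_setup.exe' = '<SHA256 FROM OFFICIAL DOWNLOAD PAGE>'
}

function Find-SuspectInstaller {
    # Returns one record per matching installer with hash, signature state and a verdict.
    Get-ChildItem -Path $Downloads -File -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.Name
            (@($Patterns | Where-Object { $name -like $_ })).Count -gt 0 -and
            $_.CreationTime -ge $Start -and $_.CreationTime -lt $End
        } |
        ForEach-Object {
            $hash   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $known  = $KnownGoodSha256[$_.Name]

            $verdict = if ($known -and $hash -ne $known) {
                'SUSPICIOUS: hash differs from vendor checksum'
            } elseif ($sig.Status -ne 'Valid') {
                'SUSPICIOUS: signature missing or invalid'
            } elseif ($signer -notmatch $ExpectedSignerPattern) {
                'SUSPICIOUS: signed by unexpected publisher'
            } else {
                'signature OK; still compare hash with the vendor checksum if not listed above'
            }

            [pscustomobject]@{
                File      = $_.Name
                Created   = $_.CreationTime
                SHA256    = $hash
                SigStatus = $sig.Status
                Signer    = $signer
                Verdict   = $verdict
            }
        }
}

function Get-TempPathProcess {
    # Running processes whose executable sits in a user-writable temp directory,
    # a common location for installers that drop and run a second-stage binary.
    $tempRoots = @($env:TEMP, (Join-Path $env:LOCALAPPDATA 'Temp'))
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        Where-Object {
            $p = $_.Path
            (@($tempRoots | Where-Object { $p -like "$_*" })).Count -gt 0
        } |
        Select-Object Id, ProcessName, Path
}

Write-Host '== Installers matching the advisory, downloaded in the window ==' 
Find-SuspectInstaller | Format-List

Write-Host '== Running processes executing from a temp directory ==' 
Get-TempPathProcess | Format-Table -AutoSize
```

Run it in a normal (non-elevated) session first; processes owned by other users will simply be skipped because their Path is not readable. A valid signature from the expected publisher is necessary but not sufficient, since the advisory describes links redirected to a different, trojanized product, so the hash comparison against the vendor's checksum remains the decisive check. Browser download history is not covered by the script and should still be reviewed by hand.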
🗺️ MITRE ATT&CK Techniques
🔒 Pro insight: This attack exemplifies the growing trend of supply chain compromises targeting widely used software, necessitating enhanced vigilance in software sourcing.