CPUID Watering Hole Attack Spreads STX RAT via Fake Downloads

Cyber Threat Intelligence reports a nasty watering hole attack that’s hit CPUID, the well-known software vendor behind tools like CPU-Z and HWMonitor. Threat actors have reportedly compromised the CPUID website, leveraging it to distribute the STX RAT malware through what appear to be legitimate software downloads. This is a classic move: compromise a trusted source to push your dirty payload.

This kind of attack is particularly insidious because users are often looking for these utilities, making them prime targets for malvertising or, in this case, direct compromise of the download source. The STX RAT is no joke; once it’s on a system, it can grant attackers extensive control, making it a serious threat to data integrity and privacy. It’s a stark reminder that even trusted software portals can become vectors for compromise.

What This Means For You

  • If you've recently downloaded CPU-Z or HWMonitor from the CPUID website, you need to verify the integrity of those files immediately. Scan your system for STX RAT and other suspicious activity. Revoke any elevated privileges granted to these applications and consider a full system audit.
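The first step in that checklist is verifying the files you actually downloaded. The script below is an added example (not code from the post or from CPUID) of how to do that: it streams each installer-like file through SHA-256 and compares the digest with a known-good manifest, reporting `ok`, `tampered` (known filename, wrong hash) or `unknown` (no manifest entry at all, which is the case a watering hole exploits when it serves a renamed or extra file). The manifest and the sample files are constructed inside the block; real reference hashes must come from the vendor's release notes or a previously verified copy, never from the same download page you suspect.

```python
"""Added example: triage downloaded installers against a known-good SHA-256 manifest.
Filenames, file contents and manifest entries below are constructed for the demo."""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large installers are not loaded whole


def sha256_file(path):
    """Return the lowercase hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, manifest):
    """Classify one file against the manifest {filename: expected_sha256_hex}.

    'ok'       -> digest matches the manifest entry
    'tampered' -> filename is in the manifest but the digest differs
    'unknown'  -> the manifest has no entry for this filename
    """
    name = Path(path).name
    expected = manifest.get(name)
    if expected is None:
        return "unknown"
    return "ok" if sha256_file(path) == expected.lower() else "tampered"


def triage_directory(directory, manifest, suffixes=(".exe", ".zip", ".msi")):
    """Verify every installer-like file in a directory; returns {filename: verdict}."""
    results = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and p.suffix.lower() in suffixes:
            results[p.name] = verify_download(p, manifest)
    return results


def build_sample_downloads():
    """Constructed fixture (not real installers): a clean file, a copy with
    bytes appended, an installer the manifest does not know, and a non-installer.
    Returns (directory, manifest)."""
    d = Path(tempfile.mkdtemp(prefix="download-triage-"))
    clean = b"MZ" + b"clean-installer-bytes" * 100
    (d / "cpu-z_example.exe").write_bytes(clean)
    (d / "hwmonitor_example.exe").write_bytes(clean + b"\x90\x90extra-bytes")
    (d / "unrelated_tool.exe").write_bytes(b"MZ" + b"other")
    (d / "readme.txt").write_bytes(b"not an installer")
    clean_digest = hashlib.sha256(clean).hexdigest()
    # Both manifest entries expect the clean bytes, so the modified copy is flagged.
    manifest = {
        "cpu-z_example.exe": clean_digest,
        "hwmonitor_example.exe": clean_digest,
    }
    return d, manifest


if __name__ == "__main__":
    directory, manifest = build_sample_downloads()
    for name, verdict in triage_directory(directory, manifest).items():
        print(f"{verdict:8s} {name}")
```

Point `triage_directory` at a real downloads folder with a manifest of vendor-published hashes; anything not reported `ok` is a candidate for quarantine and for the system scan the checklist calls for.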

🛡️ Detection Rules

2 auto-generated detection rules for this incident (5 SIEM formats), mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

  • Traffic to Compromised Vendor — CPUID (severity: high; category: supply-chain)
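The rule named above, "Traffic to Compromised Vendor", is a hunt over web-proxy or DNS telemetry. The block below is an added example of that logic written as a standalone script, not the site's generated Sigma rule or any CPUID code: it parses proxy log lines, matches the request host against the vendor's domain (exact or subdomain, so a lookalike such as `cpuid.com.example` does not match) and reports only requests for executable payloads, leaving ordinary page visits alone. The log lines, users, IPs and URL paths are constructed for the demo; the only real-world value is the vendor domain `cpuid.com`.

```python
"""Added example: flag executable downloads from a compromised vendor domain
in proxy logs. SAMPLE_LOG and its users, IPs, paths and timestamps are constructed."""
import csv
import io
from urllib.parse import urlsplit

VENDOR_DOMAINS = ("cpuid.com",)            # vendor's public domain, subdomains included
PAYLOAD_SUFFIXES = (".exe", ".zip", ".msi")  # what a fake download would deliver

# Constructed proxy log, CSV with a header row (not real traffic).
SAMPLE_LOG = """timestamp,src_ip,user,method,url,status,bytes
2025-01-10T09:12:44Z,10.0.0.12,alice,GET,https://www.cpuid.com/softwares/cpu-z.html,200,45120
2025-01-10T09:13:02Z,10.0.0.12,alice,GET,https://download.cpuid.com/cpu-z/cpu-z_example.exe,200,2310400
2025-01-10T09:15:10Z,10.0.0.33,bob,GET,https://example.org/tools/setup.exe,200,99000
2025-01-10T09:16:00Z,10.0.0.40,carol,GET,https://cpuid.com.example/cpu-z.exe,200,500
2025-01-10T09:17:30Z,10.0.0.12,alice,GET,https://www.cpuid.com/favicon.ico,200,1100
"""


def host_matches(host, domains=VENDOR_DOMAINS):
    """True when host equals a vendor domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def is_payload_url(url):
    """True when the URL path ends in an executable/archive suffix."""
    path = urlsplit(url).path.lower()
    return path.endswith(PAYLOAD_SUFFIXES)


def find_vendor_downloads(log_text, domains=VENDOR_DOMAINS):
    """Return the log rows (as dicts) that fetched a payload from the vendor domain."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        host = urlsplit(row["url"]).hostname or ""
        if host_matches(host, domains) and is_payload_url(row["url"]):
            hits.append(row)
    return hits


def affected_hosts(hits):
    """Collapse hits to the set of (src_ip, user) pairs needing triage."""
    return sorted({(h["src_ip"], h["user"]) for h in hits})


if __name__ == "__main__":
    found = find_vendor_downloads(SAMPLE_LOG)
    for h in found:
        print(f"{h['timestamp']} {h['src_ip']:12s} {h['user']:8s} {h['url']}")
    print("hosts to triage:", affected_hosts(found))
```

In production the same predicate belongs in the SIEM query, bounded by the compromise window the vendor publishes; the host-suffix match is the part worth getting right, since a plain substring match on `cpuid.com` also fires on unrelated lookalike domains and, worse, a substring match on `cpuid` misses nothing but floods the queue with page visits.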
