Trusted Software Compromised: CPU-Z and HWMonitor Downloads Trojanized

Cyber Threat Intelligence reports a significant compromise targeting users seeking system diagnostic tools. Downloads of popular software like CPU-Z and HWMonitor, sourced directly from the vendor’s website (cpuid.com), were found to be trojanized. This means attackers successfully injected malicious code into legitimate software installers. Users downloading these tools between August 26th and September 6th, 2023, may have inadvertently installed malware alongside the intended system utilities. The compromised versions are believed to contain a backdoor or information-stealing malware.

This incident highlights a sophisticated attack vector that leverages the trust users place in official software sources. By compromising the vendor’s download portal, attackers bypassed typical security checks and directly delivered malicious payloads to unsuspecting users. The threat actors aimed to distribute a trojan, though specific details regarding its capabilities or propagation methods are still under investigation by Cyber Threat Intelligence. The affected software is widely used by IT professionals, gamers, and system administrators for hardware monitoring and performance analysis.