CPU-Z & HWMonitor, cpuid.com, Watering Hole Attack

On April 9, 2026, the cpuid.com website was compromised in a watering hole attack lasting approximately 19 hours. Download URLs for legitimate system administration tools CPU-Z, HWMonitor, HWMonitor Pro, and Perfmonitor 2 were replaced with links to malicious sites distributing trojanized versions. The malicious installers contained legitimate signed executables paired with DLL files named CRYPTBASE.dll that exploited DLL sideloading for C2 communication and payload delivery. Attackers reused infrastructure and code from a March 2026 fake FileZilla campaign, including the STX RAT as the final payload. Over 150 victims were identified globally, primarily individuals but including organizations in retail, manufacturing, consulting, telecommunications and agriculture sectors. The attack demonstrated poor operational security with reused indicators enabling rapid detection.

Pulse ID: 69dcad85f21975a887da9066
Pulse Link: https://otx.alienvault.com/pulse/69dcad85f21975a887da9066
Pulse Author: AlienVault
Created: 2026-04-13 08:47:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #FileZilla #InfoSec #Manufacturing #OTX #OpenThreatExchange #RAT #SideLoading #Telecom #Telecommunication #Trojan #bot #AlienVault