Malware Alert: Supply Chain Attack Hits CPUID via CPU-Z and HWMonitor
Malicious Code Infects CPU-Z and HWMonitor Utilities
A recent supply chain attack compromised the CPUID project, allowing hackers to inject malware into the popular CPU-Z and HWMonitor software. Used by millions of users worldwide, these tools provide critical insights into system hardware and specifications.
- The malicious code, identified as HWiNFO_Monitor_Setup, was distributed through a Russian installer wrapped in an Inno Setup package.
- Researchers noted that the malware is deeply trojanized, performs file masquerading, and operates primarily in-memory to evade detection by endpoint detection and response systems (EDRs) and antivirus software (AVs).
"The attackers appear to be focusing on widely used utilities, highlighting the importance of robust security measures in the software development lifecycle."
CPUID officials
CPUID officials acknowledged the breach, stating that a secondary feature within their API was compromised for approximately six hours between April 9 and April 10. The company took swift action to rectify the issue and now serves clean versions of both CPU-Z and HWMonitor.
To mitigate potential risks, users who downloaded the affected software during the timeframe of the compromise should exercise caution and monitor their systems closely for signs of malicious activity. It is essential for software developers to prioritize security best practices and invest in regular vulnerability assessments to prevent similar attacks in the future.
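A triage pass over a downloads folder for the check described above, as an added example that is not code from CPUID or the researchers. It lists files whose names match the tools named in the article and whose modification time falls on April 9 or 10, with a SHA-256 for lookup and a heuristic Inno Setup marker check. Assumptions: the year is a placeholder because the article does not state it, the sample file names other than HWiNFO_Monitor_Setup are constructed, and file mtime is taken as the download time.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone
from pathlib import Path

# Name fragments taken from the article; matched case-insensitively.
NAME_HINTS = ("cpu-z", "hwmonitor", "hwinfo_monitor_setup")
# Heuristic: Inno Setup installers carry this ASCII marker in their header.
INNO_MARKER = b"Inno Setup Setup Data"

def triage(root, start, end):
    """List matching files under root whose mtime (UTC) is in [start, end)."""
    findings = []
    for path in Path(root).rglob("*"):
        name = path.name.lower()
        if not path.is_file() or not any(h in name for h in NAME_HINTS):
            continue
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        if not (start <= mtime < end):
            continue
        data = path.read_bytes()
        findings.append({
            "name": path.name,
            "path": str(path),
            "mtime_utc": mtime.isoformat(),
            "sha256": hashlib.sha256(data).hexdigest(),  # for vendor/AV lookup
            "inno_setup": INNO_MARKER in data,
        })
    return findings

def demo(year=2000):
    """Run triage over constructed files; the year is a placeholder."""
    utc = timezone.utc
    start, end = datetime(year, 4, 9, tzinfo=utc), datetime(year, 4, 11, tzinfo=utc)
    samples = {  # constructed file bodies and download times, not real binaries
        "HWiNFO_Monitor_Setup.exe": (b"MZ" + INNO_MARKER, datetime(year, 4, 9, 12, tzinfo=utc)),
        "cpu-z_setup.exe": (b"MZ constructed", datetime(year, 4, 10, 3, tzinfo=utc)),
        "hwmonitor_old.exe": (b"MZ constructed", datetime(year, 3, 1, tzinfo=utc)),
        "readme.txt": (b"text", datetime(year, 4, 9, 12, tzinfo=utc)),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, (body, when) in samples.items():
            target = Path(tmp, fname)
            target.write_bytes(body)
            os.utime(target, (when.timestamp(), when.timestamp()))
        return {f["name"]: f["inno_setup"] for f in triage(tmp, start, end)}

if __name__ == "__main__":
    print(demo())
```

A hit only means the file was written during the window and deserves a closer look; compare its hash against the vendor's current clean release before drawing conclusions.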
"Automated penetration testing can identify vulnerabilities, but it is crucial to validate the effectiveness of controls in preventing attacks. Organizations must balance automated testing with human-driven validation to ensure a comprehensive security posture."
Experts