CPUID.com Website Temporarily Distributed Malware Through Official Software Downloads

Official PC Monitoring Tool Website Briefly Distributed Malware

On April 9, 2024, CPUID.com, the official website for the popular PC-monitoring tools CPU-Z and HWMonitor, temporarily served malware to users downloading its software. The incident, which lasted approximately six hours, was first reported by users and later confirmed by security researchers. The website's operator states that the breach has since been resolved.

Incident Discovery and Timeline

  • The issue was first flagged by users on the social media platform Reddit on April 9.
  • The malware research group Vx Underground confirmed that CPUID.com began distributing malware at around 7:00 p.m. Eastern Time on April 9.
  • Samuel Demeulemeester, the developer of CPU-Z, stated the compromise was active for approximately six hours between April 9 and April 10.

Nature of the Compromise

According to Demeulemeester, a secondary feature of the website, described as a side API, was compromised. This caused the main CPUID.com website to randomly display malicious download links.

He emphasized that the original, digitally signed installation files for the software were not themselves compromised.

User Reports and Malware Details

Multiple users reported that attempting to download HWMonitor, specifically version 1.63, instead delivered a suspicious file named HWiNFO_Monitor_Setup.exe, a name borrowed from HWiNFO, an unrelated monitoring tool, rather than anything CPUID ships.

  • Several users reported that Windows Defender antivirus software flagged this file as malicious.
  • At least one user reported that the installation process displayed a Russian-language interface before the installation was canceled.
  • Vx Underground analyzed the malware and stated that its primary function appeared to be data theft, specifically of credentials stored in web browsers. Some antivirus products were reported not to detect the file.
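The user reports above point to three checks that would have caught this download before it ran: the filename did not match the product requested, the file was not the digitally signed installer the developer said was untouched, and Defender flagged it. The following PowerShell is an added example written for this article, not code from CPUID or from the researchers quoted; it uses only built-in cmdlets. The expected signer pattern and the product-name list are assumptions; take the real signer subject from a known-good installer's certificate properties.

```powershell
# Added example (not from the article, CPUID, or Vx Underground): pre-install checks for a
# file fetched from a software download page, using built-in Windows PowerShell cmdlets.
# ASSUMPTIONS: $ExpectedSignerPattern is a placeholder substring of the legitimate signer's
# certificate subject; $ExpectedNames lists the products the user believed they were downloading.

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSignerPattern = 'CPUID',                 # assumption, see lead-in
        [string[]]$ExpectedNames = @('cpu-z', 'cpuz', 'hwmonitor')  # assumption, see lead-in
    )

    $file = Get-Item -LiteralPath $Path
    $findings = @()

    # 1. Filename sanity. In the incident, a request for HWMonitor produced
    #    HWiNFO_Monitor_Setup.exe; a name that matches none of the expected products is a red flag.
    $nameMatches = $false
    foreach ($name in $ExpectedNames) {
        if ($file.Name -like "*$name*") { $nameMatches = $true }
    }
    if (-not $nameMatches) {
        $findings += "filename '$($file.Name)' does not match any expected product name"
    }

    # 2. Authenticode signature. Status is 'Valid' only if the file is signed and the
    #    signature chains to a trusted root; 'NotSigned' or 'HashMismatch' both fail here.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = $null
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is '$($sig.Status)'"
    }
    elseif ($null -ne $sig.SignerCertificate) {
        # A valid signature from the wrong publisher is still the wrong file, so compare the subject.
        $signer = $sig.SignerCertificate.Subject
        if ($signer -notmatch $ExpectedSignerPattern) {
            $findings += "valid signature but unexpected signer: $signer"
        }
    }

    # 3. SHA-256 for comparison against a vendor-published hash or a reputation lookup.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        File            = $file.FullName
        SHA256          = $hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        Findings        = $findings
        PassedChecks    = ($findings.Count -eq 0)
    }
}

# Usage: run against the file before launching it, and do not install if PassedChecks is $false.
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\HWiNFO_Monitor_Setup.exe" | Format-List
```

Two caveats for anyone adopting this. First, a valid Authenticode signature only proves the file was not altered after signing; malware is sometimes signed with stolen or fraudulently obtained certificates, which is why the subject comparison against a known-good installer matters more than the status alone. Second, an antivirus verdict is a point-in-time result, as the mixed detection reported in this incident shows, so the hash should also be checked against a vendor-published value or a multi-engine lookup rather than relying on one scanner.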

Scope and Impact

The malicious links affected downloads for both CPU-Z and HWMonitor from the official CPUID.com domain.

CPU-Z and HWMonitor are widely used system information and hardware monitoring tools. Multiple sources note that the software has been downloaded hundreds of thousands of times from various third-party download sites; this incident, however, was confined to the official CPUID.com source.

Investigation and Resolution

Samuel Demeulemeester stated that the investigation into the incident is ongoing. He confirmed that the breach of the website has been fixed. How the attacker gained access to the website's systems has not been established.

Connection to Previous Activity

Vx Underground reported that the malware distributed from CPUID.com shares a command-and-control server with a separate campaign observed in March 2024, indicating a likely link between the two. That earlier campaign used a fraudulent website impersonating the official FileZilla download site to distribute a Trojanized version of that software.