Skip to main content
Emerging ThreatsMalware & Ransomware

CPUID Compromised, Trojanized Software Deploys STX RAT

Dark laptop screen with eerie glow, cracked CPU chip, tangled wires, and silhouette of person holding mysterious device.

What happens when the very tools people rely on to check the health of their machines are themselves turned into a delivery vehicle for malware? For roughly one day in April, users who visited a well-known hardware-monitoring website found out the hard way.

The incident in brief

Unknown threat actors compromised the website cpuid[.]com, which hosts popular hardware-monitoring utilities including CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor. The compromise lasted for less than 24 hours, beginning at approximately April 9, 15:00 UTC and ending around April 10, 10:00 UTC. During that window the site served trojanized installers that contained malicious executables and deployed a remote access trojan identified as STX RAT.

What the facts say — and what they imply

The core facts are simple: a legitimate software distribution site was manipulated to deliver malware, and the payload was a remote access trojan. That combination—trusted download source plus a trojan that grants remote control—creates a high-risk scenario for anyone who obtained installers from the site during the compromise window.

Because the affected files were installers for widely used hardware-monitoring tools, the incident touches an established software-distribution channel rather than a niche repository. The short duration of the intrusion — under 24 hours — suggests a brief but targeted opportunity for the actors to distribute STX RAT via trojanized downloads.

Perspectives to consider

  • Technologists: Security teams and developers will see this as a supply-chain problem: malicious code delivered through a trusted vendor’s distribution point. The presence of a remote access trojan in installers amplifies concerns about unauthorized access and persistence when end users run compromised executables.
  • Policymakers and risk managers: The incident underscores the vulnerability of software ecosystems that rely on centralized download sites. Even a short-lived compromise can reach many users quickly if the site hosts broadly used tools.
  • Users: Individuals and organizations who downloaded CPU-Z, HWMonitor, HWMonitor Pro, or PerfMonitor from cpuid[.]com during the stated timeframe faced the possibility that the installers contained malicious code capable of providing remote access to their machines.
  • Adversaries: For those who compromise distribution infrastructure, this case demonstrates how trusted downloads can serve as an efficient mechanism for delivering remote access tools to a wide set of targets in a compressed timeframe.

Closing thought

The breach of cpuid[.]com and the distribution of STX RAT through trojanized downloads is a reminder that trust in software distribution can be sudden and fragile. When installers from a respected source become the instrument of compromise, the question for defenders is not only how to respond after the fact, but how to make that trust more resilient before the next breach.

https://thehackernews.com/2026/04/cpuid-breach-distributes-stx-rat-via.html