• 'This is not your typical run-of-the-mill malware': CPUID downloa

    From TechnologyDaily@1337:1/100 to All on Mon Apr 13 13:00:26 2026
    'This is not your typical run-of-the-mill malware': CPUID download page
    hacked and tools replaced with links to malicious files

    Date:
    Mon, 13 Apr 2026 11:50:00 +0000

    Description:
    Links to multiple CPUID tools hijacked and used to drop an infostealer.

    FULL STORY ======================================================================

    CPUID.com briefly compromised to serve malware
    Tainted downloads used DLL sideloading with CRYPTBASE.dll
    Sophisticated Trojan deployed, flagged by 20 AV engines

    CPUID.com, a popular website for PC diagnostics tools, has confirmed it was compromised and used to serve malware.

    "Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," the project's maintainers told BleepingComputer. "The breach was found and has since been fixed."

    In other words, the software hosted on CPUID was not poisoned - the site was merely serving different download links. Still, victims might think they're downloading legitimate software.

    Not your typical malware

    Researchers from Kaspersky found that the download links for this software were tainted:

    CPU-Z (version 2.19)
    HWMonitor Pro (version 1.57)
    HWMonitor (version 1.63)
    PerfMonitor (version 2.04)

    The modified variants included a legitimate, signed executable and a
    malicious DLL named 'CRYPTBASE.dll', used for DLL sideloading.
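
    A defender-side check for the sideloading layout described above, added here as an example and not code from the article, Kaspersky or CPUID: it flags a DLL that carries a Windows system DLL name but sits beside an executable outside the system directory, where the loader can pick it up from the application folder. The DLL names other than CRYPTBASE.dll, the file names and the directory tree are constructed assumptions.

```python
import os
import tempfile

# Assumption: an illustrative list of DLL names that normally load from
# System32. CRYPTBASE.dll is the name reported above; the rest are examples.
SYSTEM_DLL_NAMES = {"cryptbase.dll", "version.dll", "winmm.dll", "dwmapi.dll"}

def _is_under(path, parent):
    p = os.path.normcase(os.path.realpath(path))
    q = os.path.normcase(os.path.realpath(parent))
    return p == q or p.startswith(q + os.sep)

def find_sideload_candidates(root, trusted_roots):
    """Return sorted (dll_path, [exe names]) pairs: a system-named DLL sitting
    beside an executable in a directory outside every trusted root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if any(_is_under(dirpath, t) for t in trusted_roots):
            continue  # the real system copy lives here
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        if not exes:
            continue  # no executable in this folder to load the DLL
        for name in files:
            if name.lower() in SYSTEM_DLL_NAMES:
                hits.append((os.path.join(dirpath, name), exes))
    return sorted(hits)

def build_constructed_sample(base):
    """Create a constructed tree of empty files; returns the trusted root."""
    layout = {
        "Windows/System32": ["cryptbase.dll", "notepad.exe"],
        "Downloads/hwmonitor": ["HWMonitor_x64.exe", "CRYPTBASE.dll"],
        "Downloads/cleantool": ["tool.exe", "tool_helper.dll"],
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()
    return os.path.join(base, "Windows", "System32")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        trusted = build_constructed_sample(base)
        for dll, exes in find_sideload_candidates(base, [trusted]):
            print(f"REVIEW: {dll} sits beside {', '.join(exes)}")
```

    On a real host, pass the actual System32, SysWOW64 and WinSxS paths as trusted roots and check the signature of anything flagged before treating it as malicious.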

    "The malicious DLL is responsible for C2 [command and control] connection and further payload execution. Prior to this, it also performs a set of anti-sandbox checks and, if all the checks have passed, it connects to the C2 server," Kaspersky said.

    At the same time, researchers from Igor's Labs and vxunderground said the malware was rather sophisticated.

    "As I began poking this with a stick, I discovered this is not your typical run-of-the-mill malware," stated vxunderground.

    "This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly."

    The website has since been cleaned up. VirusTotal shows that currently 20 antivirus engines are flagging the malware - some call it Tedy Trojan, others Artemis Trojan. It seems to be an infostealer.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-is-not-your-typical-run-of-the-mill-malware-cpuid-download-page-hacked-and-tools-replaced-with-links-to-malicious-files


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)