Attackers compromised a secondary API on CPUID's official website, redirecting download requests to malicious links that delivered the STX RAT malware for approximately six hours between April 9-10, 2024. The article does not specify a CVE, CVSS score, affected software versions, a fixed version, or a workaround, as the incident was a website compromise and not a software vulnerability.
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised),” Samuel Demeulemeester, a contributor to CPUID, stated on Friday, and apologized to affected users. … More → The post Hackers hijacked CPUID downloads, served STX RAT to victims appeared first on Help Net Security .