CPUID Site Hijacked To Serve Malware Instead of HWMonitor Downloads (theregister.com)
Attackers briefly hijacked part of CPUID's backend and swapped legitimate download links on its site with malware-laced ones. "The issue hit tools like HWMonitor and CPU-Z, with users on Reddit and elsewhere starting to notice something wasn't right when installers tripped antivirus alerts or showed up under odd names," reports The Register. From the report: CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. "Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," one of the site's owners said in a post on X. "The breach was found and has since been fixed."
The files themselves appear to have been left alone and remain properly signed, so it doesn't seem like anyone got into the build process. Instead, the problem sat in front of that, in how downloads were being served. For anyone who hit the site during that stretch, though, that distinction offers little comfort. If the link you clicked had been swapped out, you were pulling whatever it pointed to, whether you realized it or not.
Re: (Score:2)
Re: Welcome to world war 3 (Score:2)
Some drones used are controlled by intelligence.
Some are as stupid as the V1 bombs of WWII.
So did it get into any distribution? (Score:2)
I mean who downloads software from some random website?
Re:So did it get into any distribution? (Score:5, Insightful)
From a link on the official site? Everyone!
Re:So did it get into any distribution? (Score:5, Informative)
Re: (Score:2)
I would forgive anyone who assumed, because it definitely looks like a random scam site from 2006 when you visit it. Even when it's working normally.
I guess it's possible all the fake download links you have to dodge to get to the real one don't contain viruses, but I assume they do, simply because of the deceptive aspect.
Re: (Score:2)
I would forgive anyone who assumed, because it definitely looks like a random scam site from 2006 when you visit it. Even when it's working normally.
Given the nature of the tool, it doesn't need a hip modern web page. :-)
Re: (Score:3)
I would prefer an honest Web 1.0 site, but it's not that either.
Re: (Score:2)
Not to mention, TFS mentions digital signatures. The problem here is that the original files weren't being served in the first place, and embedded digital signatures (how Windows expects them to be packaged) can't help you in that case. The signature is part of the original file which wasn't sent. Making matters worse, if that file had been given a valid digita
Cupid's backend compromised? (Score:2, Funny)
What? I need more coffee.