RC RANDOM CHAOS

Trojanized CPU-Z and HWMonitor Installers Push STX RAT After CPUID Breach

Original source, via The Hacker News: CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Attackers compromised CPUID’s distribution channel and used it to ship trojanized builds of CPU-Z and HWMonitor, two widely trusted hardware diagnostic utilities. The tampered installers carry STX RAT, a remote access trojan that gives operators persistent control over infected Windows systems — a textbook supply chain attack riding on legitimate, signed-looking software that users routinely run with admin privileges.

The blast radius is meaningful because CPU-Z and HWMonitor are staples among gamers, overclockers, system builders, and IT technicians, so infected machines skew toward power users with elevated access and valuable credentials. Anyone who pulled fresh installers from CPUID infrastructure during the compromise window should treat affected hosts as potentially backdoored, rotate credentials, and hunt for STX RAT indicators rather than relying on AV alone.

The incident reinforces that vendor-direct downloads are not an automatic safe path. Hash verification, code-signing checks, and EDR telemetry on diagnostic tool execution matter even for software with a long reputation, because the trust anchor is the vendor’s build pipeline — and that pipeline is now a known target.
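
One way to act on the hunting and hash-verification advice above, as an added example that is not from the original article or from CPUID: a triage pass over process-execution telemetry that flags CPU-Z and HWMonitor runs whose hash is absent from a known-good set pinned from an independent channel. The event fields, file-name fragments, hashes, hosts and the compromise window are constructed placeholders.

```python
import hashlib
from datetime import datetime

# Assumed file-name fragments for the two tools; adjust to what your fleet shows.
TOOL_MARKERS = ("cpu-z", "cpuz", "hwmonitor")


def triage(events, known_good, window_start, window_end):
    """Map host -> [(image name, severity)] for tool runs not proven clean."""
    findings = {}
    for ev in events:
        name = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if not any(marker in name for marker in TOOL_MARKERS):
            continue  # not one of the diagnostic tools
        if ev["sha256"].lower() in known_good:
            continue  # only a pinned hash clears a binary; a signature alone does not
        first_seen = datetime.fromisoformat(ev["first_seen"])
        in_window = window_start <= first_seen <= window_end
        severity = "high" if in_window or not ev["signature_valid"] else "review"
        findings.setdefault(ev["host"], []).append((name, severity))
    return findings


def fake_hash(label):  # constructed stand-in for a real file hash
    return hashlib.sha256(label.encode()).hexdigest()


def sample(host, image, build, signed, day):  # constructed telemetry record
    return {"host": host, "image": image, "sha256": fake_hash(build),
            "signature_valid": signed, "first_seen": day + "T09:00:00+00:00"}


# Constructed sample data; the window dates are placeholders, not the real incident dates.
KNOWN_GOOD = {fake_hash("clean-cpuz"), fake_hash("clean-hwmonitor")}
WINDOW = (datetime.fromisoformat("2000-01-10T00:00:00+00:00"),
          datetime.fromisoformat("2000-01-12T00:00:00+00:00"))
EVENTS = [
    sample("ws-01", r"C:\Dl\cpu-z_setup.exe", "clean-cpuz", True, "2000-01-11"),
    sample("ws-02", r"C:\Dl\HWMonitor_setup.exe", "unknown-1", True, "2000-01-11"),
    sample("ws-03", r"C:\Tools\cpuz_x64.exe", "unknown-2", True, "2000-01-02"),
    sample("ws-04", r"C:\Windows\System32\notepad.exe", "other", True, "2000-01-11"),
]

if __name__ == "__main__":
    for host, hits in triage(EVENTS, KNOWN_GOOD, *WINDOW).items():
        print(host, hits)
```

Hosts rated `high` are the ones to isolate and hunt on first; `review` covers builds that are merely missing from the pinned set.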


This is an AI-generated summary. Read the original for the full story.