Attackers exploited a flaw at CPUID to compromise its website and use it to distribute malware; this article looks at the compromise and at the malware it delivered. More than 150 victims have been identified so far, most of them individuals.
Companies in retail, manufacturing, consulting, telecommunications, and agriculture were also affected. The attackers' biggest mistake was reusing the infection chain and the command-and-control (C2) domain names already seen with STX Ransomware, which made the activity easy to correlate. Kaspersky said, "The threat actor behind this campaign has relatively low malware development/deployment and operational security capabilities, which allowed for early detection of the watering hole compromise." The malware itself is a full-featured Remote Access Trojan (RAT) known for its hidden VNC (HVNC) capability and for stealing large amounts of information from infected hosts.
Malwarebytes' analysis of the incident found that most infections are in Brazil, Russia, and China.
The compromise was detected within 24 hours of the initial breach. During that window the affected download pages served malicious executables: the trojanized software was distributed both as ZIP archives and as standalone installer packages for the affected products.
Each package pairs a genuine, digitally signed executable with an obfuscated "CRYPTBASE.dll" so that DLL side-loading can be used. CRYPTBASE.dll is a legitimate Windows library that normally lives in System32; for libraries not on the KnownDLLs list, a file of the same name placed in the application directory is found first under the default DLL search order, so the legitimately signed program ends up loading and running the attacker's code while appearing trustworthy to the user and to signature-based checks.
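One way to triage downloaded installers or ZIP archives for exactly this pattern: a well-known system DLL name sitting in the same directory as an executable, with a byte-entropy check to flag packed or obfuscated contents. This is an added example written for this page, not code from the original article, from Kaspersky, or from CPUID; the list of side-load target names, the entropy threshold, and the sample package it builds are constructed assumptions for illustration only.

```python
"""Flag DLL side-loading candidates inside a ZIP package: a DLL whose name
matches a well-known Windows system library (CRYPTBASE.dll and similar) shipped
next to an .exe, plus a Shannon-entropy estimate to spot obfuscated/packed files.

Added example for this page, not the original article's or Kaspersky's code.
SIDELOAD_NAMES and HIGH_ENTROPY are assumptions chosen for illustration.
"""
import io
import math
import os
import random
import zipfile
from collections import Counter
from typing import Dict, List

# Assumption: names commonly abused for side-loading; CRYPTBASE.dll is the one
# named in the article, the rest are illustrative additions.
SIDELOAD_NAMES = {"cryptbase.dll", "version.dll", "dbghelp.dll", "userenv.dll"}
# Assumption: bits/byte above which a DLL is treated as packed or obfuscated.
HIGH_ENTROPY = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or single-valued input, 8.0 max)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_entries(entries: Dict[str, bytes]) -> List[dict]:
    """entries maps a path inside the package to its content.
    A finding is emitted for every side-load-named DLL that shares a directory
    with at least one .exe; DLLs that sit alone are not side-load candidates."""
    by_dir: Dict[str, List] = {}
    for path, content in entries.items():
        directory, name = os.path.split(path.replace("\\", "/"))
        by_dir.setdefault(directory, []).append((name, content))

    findings = []
    for directory, files in by_dir.items():
        exes = [n for n, _ in files if n.lower().endswith(".exe")]
        if not exes:
            continue
        for name, content in files:
            if name.lower() in SIDELOAD_NAMES:
                ent = shannon_entropy(content)
                findings.append({
                    "directory": directory or ".",
                    "dll": name,
                    "beside_exe": exes,
                    "entropy": round(ent, 2),
                    "likely_obfuscated": ent >= HIGH_ENTROPY,
                })
    return findings


def scan_zip(zip_bytes: bytes) -> List[dict]:
    """Read every file entry of an in-memory ZIP and run scan_entries on it."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}
    return scan_entries(entries)


def build_sample_zip() -> bytes:
    """Constructed sample package (not a real installer): a stand-in signed
    'setup.exe' plus a CRYPTBASE.dll made of pseudo-random bytes, standing in
    for an obfuscated payload, and an unrelated text file."""
    rng = random.Random(1234)
    junk = bytes(rng.randrange(256) for _ in range(4096))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("installer/setup.exe", b"MZ" + b"\x00" * 1024)  # stand-in, not a real PE
        zf.writestr("installer/CRYPTBASE.dll", junk)
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

In practice the entropy check is only a hint: a legitimately packed DLL also scores high, and a malicious loader padded with low-entropy data scores low. The stronger signal is the name collision itself: a system DLL that should only ever be loaded from System32 has no business shipping next to an installer, and that alone merits pulling the package for analysis.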