CPUID Hack Spreads STX RAT via Fake CPU-Z Downloads
Michael Miller

The official CPUID website was hacked, distributing trojanized versions of CPU-Z and HWMonitor that installed the dangerous STX RAT malware. Learn what happened and how to check if your system is affected.
Here's a cybersecurity alert that should make every tech professional pause. Unknown threat actors pulled off a pretty brazen attack recently. They compromised the official CPUID website—that's the home of popular hardware monitoring tools like CPU-Z, HWMonitor, and PerfMonitor—for less than a day. But that was all the time they needed.
For roughly 19 hours, from around April 9th to April 10th, the site served up malicious versions of these trusted utilities. Instead of getting the legitimate software, unsuspecting users downloaded a remote access trojan called STX RAT. It's a stark reminder that even trusted sources can become dangerous in an instant.
### What Exactly Happened During the CPUID Breach?
The attackers took control of cpuid[.]com. Think about that for a second. This isn't some shady download portal. It's the primary, official source for tools that millions of IT pros, gamers, and hardware enthusiasts rely on to check system specs, monitor temperatures, and benchmark performance.
During the compromise window, the download links for CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor were swapped out. Clicking "download" fetched a trojanized executable that installed the STX RAT malware silently in the background. The site was cleaned up by April 10th, but the damage was potentially already done for anyone who downloaded during that period.

### Understanding the STX RAT Threat
So, what is STX RAT? It's not just any malware. RAT stands for Remote Access Trojan. If it gets on your system, it gives the attacker a frightening level of control. It's like handing over the keys to your digital house.
- **Full System Access:** Attackers can see your files, your keystrokes, and your screen.
- **Data Theft:** They can steal passwords, financial information, and sensitive documents.
- **Persistence:** These things are built to hide and stay installed, even after reboots.
- **Backdoor:** It can open a door for even more malware to be installed later.
In short, it's a worst-case scenario. A tool designed for monitoring your hardware's health was turned into a vehicle for a complete system takeover.
### How to Check If You're Affected
If you downloaded CPU-Z, HWMonitor, or any tool from the official CPUID site between roughly 11:00 AM Eastern on April 9th and 6:00 AM Eastern on April 10th, you need to take action. Don't panic, but do be thorough.
First, compute the hash of the installer you downloaded and compare it against a known-good value. Each legitimate release has a specific digital fingerprint. You can find the correct hashes (like SHA-256) on reputable tech forums or security bulletin boards now that the news is out. If your file's hash doesn't match, you likely got the bad one.
Run a full scan with your updated antivirus software. But don't stop there. Consider these steps:
- Monitor your system for unusual activity—slow performance, strange network traffic, or unknown processes.
- Check your accounts for any unauthorized access.
- If you suspect infection, you may need to consider a clean reinstall of your operating system from a trusted source to be absolutely safe. It's a hassle, but it's the surest way to evict a persistent RAT.
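One way to run the hash check above across a whole downloads folder, as an added example that is not from the article or from CPUID. The filename fragments in `TOOL_HINTS` are assumptions, the year is a parameter because the article gives none, and the known-good SHA-256 values must come from a source you trust.

```python
import hashlib
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Eastern time in April is daylight time (UTC-4).
EASTERN = timezone(timedelta(hours=-4))
# Assumed filename fragments for the affected tools; adjust to your downloads.
TOOL_HINTS = ("cpu-z", "cpuz", "hwmonitor", "perfmonitor")


def exposure_window(year):
    """Approximate window from the article: Apr 9 11:00 to Apr 10 06:00 Eastern."""
    return (datetime(year, 4, 9, 11, 0, tzinfo=EASTERN),
            datetime(year, 4, 10, 6, 0, tzinfo=EASTERN))


def sha256_of(path):
    """Hash the file in 1 MiB chunks so large installers are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(folder, known_good, year):
    """Return {filename: (verdict, sha256)} for CPUID-looking files in folder."""
    start, end = exposure_window(year)
    good = {h.strip().lower() for h in known_good}
    results = {}
    for path in sorted(Path(folder).iterdir()):
        name = path.name.lower()
        if not path.is_file() or not any(hint in name for hint in TOOL_HINTS):
            continue
        digest = sha256_of(path)
        # Assumption: the file's modification time stands in for download time.
        saved = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        if digest in good:
            verdict = "ok"          # matches a reference hash
        elif start <= saved <= end:
            verdict = "suspect"     # unknown hash, saved inside the window
        else:
            verdict = "unverified"  # unknown hash, timestamp outside the window
        results[path.name] = (verdict, digest)
    return results
```

Call `triage(folder, hashes, year)` with your downloads folder; treat `suspect` as a likely bad download and `unverified` as still needing a reference hash, since timestamps can be changed by copying or extracting files.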
### A Lesson in Digital Hygiene
This incident hits home because it exploits trust. We're taught to go to the official source to avoid malware. When that official source itself is poisoned, it shakes the foundation. It reminds me of a quote from a security researcher I respect: "The chain of trust is only as strong as its most recently compromised link."
So, what's the takeaway? Always practice defense in depth. Even when downloading from a trusted site, it's a good habit to:
- Verify file hashes when possible, especially for critical system tools.
- Keep your security software active and updated.
- Maintain regular, offline backups of your important data.
- Stay informed about current threats through reliable security news sources.
The digital landscape requires constant vigilance. This CPUID breach was a short, sharp shock to the system—a powerful reminder that in cybersecurity, complacency is the real enemy. Protect your systems, verify your downloads, and stay safe out there.