Supply Chain Attack on CPUID Distributes Trojanized Installers

An attacker compromised the software distribution on cpuid.com and distributed trojanized installers for CPU-Z and HWMonitor between April 9 and 10, 2026. The malicious packages employed DLL sideloading via CRYPTBASE.dll to deploy STX RAT, a remote access trojan with information-stealing capabilities. The attack targeted users downloading legitimate hardware diagnostic utilities from the official site during the specified timeframe. No CVE identifiers were mentioned in the report.