## CPUID Website Compromised in Supply Chain Attack Targeting CPU-Z Downloads with DLL Sideloading Malware A supply chain compromise targeting the official CPUID website (cpuid.com) has been identified, affecting downloads of multiple popular hardware monitoring tools. The incident, reported to have occurred on April 9-10, 2026, represents a significant breach of a trusted software distribution channel used by millions of users for hardware diagnostics and system information gathering. The attack centers on a trojanized distribution package named cpu-z_2.19-en.zip, which bundles legitimate CPU-Z executables alongside a malicious CRYPTBASE.dll. This DLL exploits the Windows DLL search order mechanism to achieve code execution through DLL sideloading, a technique mapped as T1574.002 in the MITRE ATT&CK framework. By placing the malicious DLL in the same directory as the legitimate executable, attackers can hijack the application's library loading process without modifying the original software, making detection particularly challenging for end users and security tools. CPU-Z is widely used by enthusiasts, IT professionals, and hardware reviewers for processor and memory identification, making this supply chain attack especially concerning. Users who downloaded CPU-Z or other hardware tools from the official CPUID website during the affected period may have unknowingly executed malicious code on their systems. The use of DLL sideloading with a legitimately signed application allows the malware to potentially bypass certain security controls. Security researchers have published technical details enabling organizations to identify compromised files and assess potential exposure. This incident underscores the persistent risk of supply chain attacks against software distribution platforms, even for established utility tools. --- - **Source**: Mastodon:mastodon.social:#infosec - **Sector**: The Lab - **Tags**: supply-chain-attack, DLL-sideloading, CPU-Z, malware, infosec - **Credibility**: unverified - **Published**: 2026-05-09 18:31:47 - **ID**: 81228 - **URL**: https://whisperx.ai/en/intel/81228