What CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HW Means for Pasay Businesses

A Pasay BPO technician downloaded what looked like a standard CPU monitoring tool last April — and quietly handed remote access to an attacker halfway around the world.
If your team uses CPU-Z or HWMonitor for hardware diagnostics, you need to know what happened and what to check right now.
A Trusted Tool Became the Threat for Less Than 24 Hours
Attackers quietly compromised CPUID's official website — the legitimate source for CPU-Z and HWMonitor — and replaced real downloads with trojanized installers carrying a remote access trojan called STX RAT.
The window was short: roughly 19 hours, from April 9 to April 10.
Your IT team may not have noticed anything wrong because the file came from a site they already trusted — not a pirated mirror, not a sketchy forum link.
Key Insight
Supply chain attacks through legitimate software sites are more dangerous than phishing emails precisely because they bypass the skepticism your team has already been trained to apply.
What to Check on Your Machines Right Now
If anyone on your team downloaded these tools during that window, treat the machine as compromised until proven otherwise.
- Check download history for CPU-Z or HWMonitor installs dated April 9–10
- Run a full endpoint scan — not just a quick scan
- Look for unusual outbound connections in your firewall or router logs
- Verify installed file hashes against the official CPUID-published values
- Isolate any flagged machine before reconnecting it to shared drives
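One way to run the download-date and hash checks above over a Downloads or installer folder, as an added example that is not from CPUID or the original article. The filename pattern, verdict labels and function names are assumptions; the window bounds (the article gives no year or time zone) and the known-good hashes are inputs you supply from the vendor's published values.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Assumption: installer/executable names contain one of these strings.
NAME_RE = re.compile(r"cpu[-_]?z|hwmonitor", re.IGNORECASE)

def sha256_of(path):
    """Hash in 1 MiB chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root, start, end, known_good):
    """List CPU-Z/HWMonitor files under root with a verdict for each.

    start, end: timezone-aware datetimes bounding the exposure window.
    known_good: set of lowercase SHA-256 hex digests taken from the vendor.
    """
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or not NAME_RE.search(p.name):
            continue
        mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
        digest = sha256_of(p)
        if digest in known_good:
            verdict = "OK"        # matches a vendor-published value
        elif start <= mtime <= end:
            verdict = "ISOLATE"   # unknown hash, written inside the window
        else:
            verdict = "REVIEW"    # unknown hash; file timestamps can be misleading
        findings.append({"path": str(p), "sha256": digest,
                         "modified": mtime.isoformat(), "verdict": verdict})
    return findings

if __name__ == "__main__":
    # Usage: triage.py <folder> <start ISO> <end ISO> <file of known-good hashes>
    root, start, end, hash_file = sys.argv[1:5]
    good = {ln.strip().lower() for ln in open(hash_file) if ln.strip()}
    window = [datetime.fromisoformat(s).astimezone(timezone.utc) for s in (start, end)]
    for f in triage(root, window[0], window[1], good):
        print(f["verdict"], f["modified"], f["sha256"], f["path"])
```

A file's modified time is not always its download time, so anything with an unknown hash is listed for review even when it falls outside the window.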
Pro Tip
In Pasay offices with shared internet connections — common in mixed-use buildings along Roxas Boulevard — one infected machine can expose every device on the same network segment.
Your Team Stops the Spread Before It Reaches Payroll or Client Data
STX RAT gives an attacker eyes and hands inside your machine — files, keystrokes, credentials, everything.
Catching it early, before it moves laterally to your accounting system or client database, is the difference between a contained incident and a reportable breach.
Quick Win
Pull up installed programs on shared workstations today and flag any CPU-Z or HWMonitor installed April 9–10.
If you want someone to walk through this with your team, WNS5.tech offers endpoint security assessments for SMBs across Pasay and Central Luzon.