HWMonitor Hijacked to Deliver Remote Access Trojan via Malicious DLL

Severity: High (Score: 64.5)

Sources: Cybersecuritynews, Gbhackers

Summary

Hackers have exploited the HWMonitor utility, a trusted hardware monitoring tool, to deliver a remote access trojan (RAT) known as STX RAT. The attack involves a weaponized ZIP archive that masquerades as a legitimate installer, distributed through a fake download link. Users of HWMonitor, developed by CPUID, are at risk as the malware is designed to operate stealthily once installed. This campaign highlights the ongoing threat of trusted software being misused for malicious purposes. The exact number of affected users is currently unknown, but the potential impact is significant given HWMonitor's popularity among system administrators and tech enthusiasts. Security experts are urging users to verify download sources and remain vigilant against such attacks. The current status of the attack is active, with ongoing investigations into the distribution methods.

Key Points

  • HWMonitor, a widely used utility, has been weaponized to deliver STX RAT.
  • Attackers are using fake download links to distribute a malicious ZIP archive.
  • Users are advised to verify sources before downloading software to avoid infection.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • STX RAT (malware)
  • T1036 - Masquerading (mitre_attack)
  • T1574 - Hijack Execution Flow (mitre_attack)
  • HWMonitor (tool)