N3mes1s

CPU-Z 2.19 Supply Chain Attack - Malware Analysis Report

Date: 2026-04-10 Analyst: nemesis Classification: Trojan / Backdoor (Alien RAT variant) Severity: CRITICAL Campaign ID: CityOfSin (extracted from C2 callback UTM parameters) Scope: CPUID official domain compromise affecting CPU-Z, HWMonitor, HWMonitor Pro, PerfMonitor 2, powerMAX + separately FileZilla Status: Breach confirmed and fixed by CPUID; site was compromised ~6 hours on April 9-10, 2026 CPUID Statement: "A secondary feature (a side API) was compromised for approximately six hours [...] causing the main website to randomly display malicious links. Our signed original files were not compromised."