logoalt Hacker News

john_strinlaitoday at 3:04 PM4 repliesview on HN

some comments purportedly (i did not verify) from one of the maintainers:

>Dear All, I'm Sam and in I'm working with Franck on CPU-Z (I'm doing the validator). Franck is unfortunately OOO for a couple weeks. I'm just out of bed after worked on Memtest86+ for most the night, so I'm doing my best to check everything. As very first checks, the file on our server looks fine (https://www.virustotal.com/gui/file/6c8faba4768754c3364e7c40...) and the server doesn't seems compromised. I'm investigating further... If anyone can tell me the exact link to the page where the malware was downloaded, that would help a lot

>Thank you. I found the biggest breach, restored the links and put everything in read-only until more investigation is done. Seems they waited Franck was off and I get to bad after working on Memtest86+ yesterday :-/

>The links have been compromised for a bit more than 6 hours between 09/04 and 10/04 GMT :-/

so, it appears that the cpuid website was compromised, with links leading to fake installers.

Replies

cwizoutoday at 5:43 PM

For what it's worth - I used to write CPU reviews a while back - I can vouch for both Sam and Franck. Franck is the guy behind CPUID and Sam is a close friend of his, who was known for working at Canard PC on top of his work on Memtest : https://x86.fr/about-me/

show 1 reply
pseudosavanttoday at 6:34 PM

Glad that they figured out the issue and fixed the links. When I first read this, I assumed it was actually the sketchy ads that are run on www.cpuid.com.

These are the real ads I just saw on a single download page for CPU-Z: "Continue to Download", "Install For windows 10, 11 32/64 bit Get Fast!", "Download", "Download now from PC APP STORE", or "Download Now For windows 10, 11 32/64 bit". Many of them appeared multiple times on the page.

The real download links don't even say they are download links.

I love the winget CLI in this situation. This is all you need: `winget install CPUID.CPU-Z`.

show 1 reply
cluckindantoday at 8:01 PM

Any idea how the compromise was achieved?

show 1 reply
BoredPositrontoday at 3:21 PM

It's the third time that I've read something about availability notifications on discord and other chats getting abused for timed attacks in the last few weeks.

show 2 replies