davew111@reddit
Their very download page is malware. It's filled with fake download buttons that are actually ads for dodgy browser plugins and the like. There are eight buttons on their home page that say "start download", "click to download", "download (free)", all of which link to god knows what. The actual download link says "Zip English" and even after clicking that you get a popup for some other malware that you need to dismiss to begin the actual download of the utility.
I know they need to make money somehow, but if it's by exposing your customers to malware ads you obviously don't value your customers' system security very much.
Holychrissst@reddit
I checked and I currently have 2.18 and 1.61 versions, but like, am I safe? Some people are talking about it being dangerous because of automatic updates.
Sopel97@reddit
the vulnerable versions are 2.19 and 1.63 respectively, and I haven't seen any reports of spoofed version numbers, so you're likely fine
bizude@reddit
This issue was resolved ~6 hours after it was discovered. It's not a problem anymore, though it is worrying that it happened in the first place.
Electrical_Zebra8347@reddit
There's been a bunch of supply chain attacks lately; a similar thing happened to Notepad++ when their hosting provider was compromised, and npm packages have been getting hit a lot lately. Conventional wisdom used to say update software often, but these days updating less often seems to be safer.
SoilMassive6850@reddit
My thought has mostly always been update if necessary. Does the update contain a bug fix you need or a feature you want? Update. If not there's no hurry.
I've certainly not liked the trend of constantly updating all dependencies with Dependabot or something similar if it's not necessary; most software package managers have lock files and version pinning for a reason. Just seems like an easy way to get owned by a supply chain attack as soon as they happen.
ReplacementLivid8738@reddit
Update often to n days old versions is a good policy. Tune n to your exposure and make it zero when there's a critical fix to something like easy remote code execution.
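Added example, not part of the thread or any commenter's code: a minimal Python sketch of an "n days old" update policy, where a release must have aged `min_age_days` before it is installed and the delay is waived only for a release flagged as a critical fix. The release feed, the `critical_fix` flag and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed release feed for a hypothetical package; not real data.
RELEASES = [
    {"version": "1.4.0", "published": "2025-01-02T00:00:00+00:00", "critical_fix": False},
    {"version": "1.5.0", "published": "2025-02-20T00:00:00+00:00", "critical_fix": False},
    {"version": "1.5.1", "published": "2025-03-08T00:00:00+00:00", "critical_fix": True},
    {"version": "1.6.0", "published": "2025-03-09T12:00:00+00:00", "critical_fix": False},
]
NOW = datetime(2025, 3, 10, tzinfo=timezone.utc)  # fixed clock so results repeat


def version_key(version):
    """Turn '1.5.1' into (1, 5, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def pick_version(releases, installed, now, min_age_days):
    """Return the version to run: the newest release that has either aged
    min_age_days or carries a critical fix; otherwise stay on `installed`."""
    cutoff = now - timedelta(days=min_age_days)
    eligible = []
    for rel in releases:
        if version_key(rel["version"]) <= version_key(installed):
            continue  # never downgrade or reinstall
        published = datetime.fromisoformat(rel["published"])
        if published > now:
            continue  # ignore future-dated entries
        # n is effectively zero for a release flagged as a critical fix.
        if published <= cutoff or rel["critical_fix"]:
            eligible.append(rel)
    if not eligible:
        return installed
    return max(eligible, key=lambda r: version_key(r["version"]))["version"]


if __name__ == "__main__":
    # 1.6.0 is newest but only hours old; 1.5.1 is taken early for its fix.
    print(pick_version(RELEASES, "1.4.0", NOW, 14))
```

The cooldown only helps if a compromised release is noticed and pulled within `min_age_days`, so the critical-fix flag should come from a source other than the release feed itself.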
Papa-Blockuu@reddit
I got hit with this 2 months ago when I upgraded my PC so this must be an ongoing issue.
bizude@reddit
Can you provide more details?
Papa-Blockuu@reddit
Just checked my history from then and it was adware.pheonix Invicta that was installed with HWMonitor. Downloaded from the official site. I tried every solution I could find to remove it but I just couldn't get rid of it so I had to wipe everything and start fresh again. That was on the 8th of February.
wizfactor@reddit
Supply Chain attacks are one of the few types of cyberattacks that keep me up at night.
3G6A5W338E@reddit
It has been a few days now.
How is there still no official incident report?
Sopel97@reddit
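why does the article read like some LLM confused hwinfo with hwmonitor?
Compromised download chain at HWiNFO as well?
The most plausible explanation at present is not that HWiNFO was compromised, but rather that a download path within the CPUID environment was manipulated
hwinfo has nothing to do with cpuid
why is it digressing to past hwinfo false-positives?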
3G6A5W338E@reddit
Not an issue via chocolatey.
Gotta love verifying downloads against known-good hashes automatically.
AK-Brian@reddit
Standard reminder to use HWInfo64.