
Inside the CPU-Z Watering Hole Attack: AI-Powered EDR Stops Supply Chain Compromise

Posted by u/Codeh3 Stack · 2026-05-03 15:03:06

On April 9, 2026, an insidious software supply chain attack unfolded when threat actors compromised CPUID's official download portal to deliver malware disguised as legitimate CPU-Z and HWMonitor utilities. For nearly 19 hours, users who visited the genuine cpuid.com and clicked the official download button received a properly signed binary bundled with a malicious payload. SentinelOne's AI-driven endpoint detection and response (EDR) system detected the anomaly within seconds, autonomously terminating the processes and quarantining the threat. This incident underscores the evolving sophistication of supply chain attacks, where trust in a vendor's identity is weaponized. Below, we answer key questions about the attack, its detection, and its implications for cybersecurity.

What Exactly Happened in the CPU-Z Watering Hole Attack?

Attackers compromised CPUID's domain at the API level, silently redirecting legitimate download requests to attacker-controlled infrastructure. Users who navigated to cpuid.com and clicked the official download button received a binary that was digitally signed and appeared genuine—but it contained a malicious payload. The attack ran for about 19 hours, targeting IT professionals who regularly use CPU-Z, HWMonitor, and related tools. The threat actors exploited trust in the vendor, turning a reputable distribution channel into a delivery mechanism for malware. SentinelOne's agent flagged the anomaly when the seemingly harmless cpuz_x64.exe began spawning PowerShell, which then launched csc.exe and cvtres.exe—a completely abnormal process chain for a CPU monitoring tool.

Source: www.sentinelone.com

How Did Attackers Compromise CPUID's Download Infrastructure?

The compromise occurred at the API level, meaning the attackers gained access to the underlying web service that serves download files. They did not simply replace the file on the server; instead, they manipulated the request-response flow so that legitimate download buttons pointed to malicious URLs. This technique is known as a watering hole attack combined with supply chain infiltration. Because the malware was bundled into a properly signed binary, traditional signature-based antivirus solutions would have seen only a valid certificate and allowed execution. The attackers likely exploited vulnerabilities in CPUID's web infrastructure or used stolen credentials to inject redirect code. This method allowed them to bypass user suspicion entirely—victims followed every recommended security step by downloading from the official site.

What Behavioral Anomalies Did SentinelOne's Agent Detect?

SentinelOne's agent triggered an alert for "Penetration framework or shellcode was detected" within seconds. The detection was based on five converging behavioral indicators:

  • Anomalous API resolution: The process located system functions through non-standard methods, bypassing the OS loader.
  • Reflective code loading: Executable code ran in memory regions with no corresponding file on disk, indicating hidden payload injection.
  • Suspicious memory allocation: Read-Write-Execute (RWX) memory permissions were requested, a classic staging area for malicious code.
  • Process injection patterns: Execution flow indicated code redirecting into a secondary process to mask its origin.
  • Heuristic shellcode signatures: Sequential operations matched automated exploitation toolkits preparing an environment for command execution.

These behavioral signals, not static signatures, allowed the AI to classify the process as malicious even though the binary was signed and originated from the vendor's infrastructure.

Why Did Traditional Security Measures Fail Against This Attack?

Traditional security relies heavily on reputation and signature checks. The downloaded binary was digitally signed by CPUID and came from the company's own domain, so antivirus solutions would likely mark it as safe. The attack broke the chain of trust above the user: the vendor's identity and infrastructure were both compromised. No amount of user caution could have prevented it—IT professionals followed best practices by downloading from the official site. The attack also bypassed network security because the download appeared legitimate. Only behavioral detection, which analyzes what a process does after execution rather than what it is, could spot the anomaly. SentinelOne's AI looks for deviations from expected behavior, such as a CPU-Z tool spawning PowerShell and compilers—a clear red flag that no human could have caught in real-time.
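
The process-chain check described above, as an added example (not SentinelOne's detection logic and not code from the original article): it walks parent links in constructed process-creation records and flags PowerShell, csc.exe or cvtres.exe running anywhere beneath cpuz_x64.exe. The record layout, PIDs and file paths are assumptions made for the sample.

```python
import ntpath

# Names taken from the article; treating them as a fixed baseline is an assumption.
WATCHED_PARENTS = {"cpuz_x64.exe"}               # utility with no scripting baseline
SUSPECT_CHILDREN = {"powershell.exe", "csc.exe", "cvtres.exe"}

# Constructed process-creation records: (pid, parent pid, image path).
W = "C:\\Windows\\"
EVENTS = [
    (4100, 900,  W + "explorer.exe"),
    (5200, 4100, "C:\\Users\\it\\Downloads\\cpuz_x64.exe"),
    (5310, 5200, W + "System32\\WindowsPowerShell\\v1.0\\powershell.exe"),
    (5422, 5310, W + "Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe"),
    (5430, 5422, W + "Microsoft.NET\\Framework64\\v4.0.30319\\cvtres.exe"),
    (6001, 4100, W + "System32\\WindowsPowerShell\\v1.0\\powershell.exe"),  # admin shell
]

def lineage(pid, by_pid):
    """Image names from the given process up to its oldest recorded ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:     # 'seen' stops loops from PID reuse
        seen.add(pid)
        ppid, image = by_pid[pid]
        chain.append(ntpath.basename(image).lower())
        pid = ppid
    return chain

def find_anomalous_chains(events):
    """Flag script hosts and compilers that descend from a watched utility."""
    by_pid = {pid: (ppid, image) for pid, ppid, image in events}
    alerts = []
    for pid, _, _ in events:
        chain = lineage(pid, by_pid)
        if chain[0] not in SUSPECT_CHILDREN:
            continue
        if WATCHED_PARENTS.intersection(chain[1:]):
            stages = sum(1 for n in chain if n in SUSPECT_CHILDREN)
            alerts.append({"pid": pid, "stages": stages,
                           "chain": " > ".join(reversed(chain))})
    return alerts

if __name__ == "__main__":
    for alert in find_anomalous_chains(EVENTS):
        print(alert)
```

The PowerShell session started from explorer.exe is not flagged, because the rule keys on ancestry rather than on the image name alone. Production telemetry should link parents by a stable identifier such as Sysmon's ProcessGuid and ParentProcessGuid rather than raw PIDs, which are reused.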


How Does This Attack Reflect Broader Supply Chain Trends?

SentinelOne's Annual Threat Report identifies a systemic shift: attackers increasingly compromise trusted developer identities or infrastructure to distribute malware. The CPUID incident mirrors earlier campaigns like GhostAction (late 2025), where a compromised GitHub maintainer account pushed malicious workflows to steal secrets. Similarly, a phishing attack against an npm package maintainer deployed code that intercepted cryptocurrency transactions. In all cases, commit logs and push events appeared legitimate because they came from accounts with valid write access. The CPUID attack extends this pattern to software distribution itself, turning the supplier's download channel into the delivery vector. This shows that securing the software supply chain requires not only code integrity checks but also continuous monitoring of distribution infrastructure and behavioral analytics at runtime.

What Specific Actions Did SentinelOne's AI Take Autonomously?

Upon detecting the behavioral anomalies, SentinelOne's agent autonomously terminated and quarantined the involved processes before the attack could progress. Specifically, it killed the cpuz_x64.exe process and any child processes it had spawned, including the PowerShell and compiler instances. The agent also quarantined the malicious CRYPTBASE.dll located in temp directories. This fully automated response happened within seconds of execution, preventing the malware from establishing persistence, exfiltrating data, or executing secondary payloads. No human intervention was required—the AI made a real-time decision based on behavioral confidence scores. This represents a fundamental shift from detect and respond to predict and prevent, where the endpoint itself becomes the last line of defense against zero-day supply chain attacks.

What Lessons Can Organizations Learn from This Attack?

First, trust but verify even when downloading from official vendor sites—behavioral protection is essential because signatures and certificates can be compromised. Second, adopt endpoint detection solutions that use AI to analyze process chains and memory patterns, not just file hashes. Third, implement application control policies to restrict which executables can spawn scripting engines like PowerShell. Fourth, treat download infrastructure as a critical attack surface and monitor it for API manipulation or unauthorized redirects. Fifth, prepare for a future where every software download may be a vector: use runtime protection that can block unexpected process behaviors even if the initial file is trusted. Finally, share threat intelligence about such incidents through ISACs (Information Sharing and Analysis Centers) to help the community respond faster.