The PC Security Channel
Hosted by a malware analyst, this channel reviews antivirus software and malware defense techniques, provides Windows security news, and demonstrates how to analyze and combat threats in a consumer‑friendly style ([www.linkedin.com](https://www.linkedin.com/pulse/top-20-youtube-channels-cybersecurity-pawan-panwar-hhmsc#:~:text=12)).
CPU-Z and HWMonitor Are Malware!?
The video exposes a supply‑chain breach affecting the official installers of CPU‑Z and HWMonitor. A compromised cryptbase.dll was injected into the legitimate download packages, turning these popular system‑info tools into malware droppers. The malicious DLL contacts a remote command‑and‑control server, retrieves a C# source file, and invokes the .NET compiler on the victim’s machine. The code is built entirely in memory, leaving no on‑disk payload, which defeats most traditional antivirus signatures. It also includes VM‑evasion checks and focuses on harvesting browser passwords and other online credentials. The presenter cites VX‑Underground’s analysis, noting 42 AV detections for the infected version versus none for the clean DLL. He demonstrates the behavior with Process Explorer, showing the DLL load and self‑termination. The incident follows a recent 7‑Zip supply‑chain attack, highlighting that even official vendor sites can be compromised. For enterprises and security‑conscious users, the breach underscores the fragility of trust in third‑party utilities. Deploying zero‑trust application control, behavioral monitoring, and strict allow‑lists are recommended to mitigate similar threats in the future.
NPM Axious Hack: Popular Applications Potentially Infected by a RAT?
The video examines a recent supply‑chain compromise of the widely‑used NPM package Axios, which was hijacked to distribute a remote‑access tool (RAT) that briefly infected an estimated 100 million computers. The malicious payload is delivered in three platform‑specific variants—a Windows PowerShell script,...
Official Game Installs Malware
The video warns that the indie title “Do at Night Abyss” was compromised in a supply-chain attack, delivering the UmbrellaStealer info‑stealer to unsuspecting players. The breach did not require any user click; the malicious payload was bundled with the game’s...
Undetected Discord Malware
The video warns that a new strain of malware is being spread on Discord through seemingly innocuous messages from friends offering a closed‑beta game. The attacker shares a trailer link and a download page that appears legitimate, prompting recipients to...
How Stealthy Was the 7zip Malware and How to Spot It?
The video dives into the Trojan‑laden 7‑Zip installer that was being served from the look‑alike domain 7zip.com, showing how the malicious package mimics the legitimate 7‑Zip setup while silently dropping a back‑door. In the Any.run sandbox the analyst observed that the...