CPUID Website Breach Serves Malware via CPU-Z and HWMonitor Downloads
Severity: High (Score: 68.2)
Sources: BleepingComputer, Ground.News, Cybersecurity News, Cybernews, The Register
Summary
The CPUID website was compromised for approximately six hours between April 9 and April 10, 2026, allowing attackers to hijack download links for popular utilities CPU-Z and HWMonitor. Users who attempted to download these tools received trojanized installers, specifically a file named 'HWiNFO_Monitor_Setup.exe', which triggered antivirus alerts. The malware is designed to steal sensitive data, including browser credentials, and employs advanced evasion techniques to bypass detection. CPUID confirmed that the original software files were not compromised, but the attack exploited a secondary API feature. Security researchers noted that the malicious downloads were flagged by multiple antivirus engines. The breach has since been fixed, and CPUID is now serving clean versions of the software. Users are advised to check for any installations during the attack period and take necessary precautions.
Key Points
- CPUID's website was compromised for six hours, serving malware to users downloading CPU-Z and HWMonitor.
- The malware, disguised as legitimate software, is designed to steal sensitive data and evade detection.
- CPUID has fixed the breach and is now providing clean downloads, but users are urged to secure their systems.
Key Entities
- Malware (attack_type)
- Supply Chain Attack (attack_type)
- Trojan (attack_type)
- CPUID (company)
- cpuid.com (domain)
- T1003 - OS Credential Dumping (mitre_attack)
- T1055 - Process Injection (mitre_attack)
- T1059.001 - PowerShell (mitre_attack)
- T1071 - Application Layer Protocol (mitre_attack)
- Google Chrome (tool)
- PowerShell (tool)
- Windows (platform)