CPUID Website Compromised, Malware Distributed via CPU-Z and HWMonitor Downloads

Severity: High (Score: 71.0)

Sources: Overclock3D, Cybersecuritynews, Bleepingcomputer, Theregister, Ground.News

Summary

The CPUID website was compromised for approximately six hours between April 9 and April 10, 2026, allowing attackers to redirect downloads for the popular utilities CPU-Z and HWMonitor to malicious executables. Users reported downloading a trojanized installer named 'HWiNFO_Monitor_Setup.exe,' which was flagged by multiple antivirus engines as malicious. The malware is designed to operate primarily in memory, evade detection, and potentially steal sensitive information.

CPUID confirmed that their original software files were not compromised, but the attack exploited a secondary API feature. Security experts have warned users to avoid unverified downloads and to rotate sensitive credentials if they suspect infection. The issue has since been resolved, and CPUID is now serving clean versions of their software. Investigations are ongoing to determine the full scope of the attack and how the API was accessed.

Key Points

  • CPUID's website was compromised, redirecting users to malicious downloads for CPU-Z and HWMonitor.
  • The malware operates primarily in memory and is capable of stealing sensitive user data.
  • CPUID has fixed the issue and is now providing clean downloads, but users are advised to check for infections.

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • Trojan (attack_type)
  • CPUID (company)
  • cpuid.com (domain)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1059.001 - PowerShell (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • Google Chrome (tool)
  • PowerShell (tool)
  • Windows (platform)