
HWMonitor & CPU-Z users were exposed to malware through fake downloads after CPUID breach
CPUID, the developer behind the popular tools HWMonitor and CPU-Z, has been hit by a website breach that exposed users to malware for about six hours, according to a statement shared by the developer. During this period, download links for HWMonitor and CPU-Z on the official site pointed to trojanized installers distributed from a third-party domain previously linked to supply chain attacks.
The compromised installers mainly targeted browser credentials, in particular attempting to access and decrypt saved passwords from Google Chrome. The malware also used advanced evasion techniques, including running almost entirely in memory and proxying low-level functions via .NET code, to circumvent endpoint detection and antivirus systems. Following the discovery, CPUID’s developer clarified that the breach was limited to a side application programming interface and that their original signed installers were not altered.
Some users described immediate detection of the rogue installers by Microsoft Defender and noticed unusual behavior, such as a Russian-language installation interface. One of them later tested alternate download URLs and found that some links appeared to deliver the legitimate hwmonitor_1.63.exe file with no malware detected, which supports CPUID’s explanation that the malicious links were shown randomly rather than replacing every download consistently. CPUID has since resolved the breach and continues its internal investigation, but because the exposure window was brief yet high-traffic, many users may have downloaded the compromised files before the vulnerability was addressed. Hopefully that was not the case for you.


