CPUID site hijacked to serve malware instead of HWMonitor (and CPU-Z) downloads

Source: The Register

CPUID site hijacked to serve malware instead of HWMonitor downloads

Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

iconCarly Page
Fri 10 Apr 2026 // 12:53 UTC

Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome.

The issue hit tools like HWMonitor and CPU-Z, with users on Reddit and elsewhere starting to notice something wasn't right when installers tripped antivirus alerts or showed up under odd names. One example that did the rounds had the HWMonitor 1.63 update pointing to a file called "HWiNFO_Monitor_Setup.exe," which is not what anyone went there to download, and a pretty clear sign that something upstream had been tampered with.

CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds.

"Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," one of the site's owners said in a post on X. "The breach was found and has since been fixed."

-snip-

Read more: https://www.theregister.com/2026/04/10/cpuid_site_hijacked/

Link to tweet