CPUID Breach Exposed CPU-Z and HWMonitor Users to Malware
By Jim McMahon on 04/13/2026
If you downloaded CPU-Z or HWMonitor from the official CPUID website on April 9 or 10, 2026, you may want to stop what you are doing and take a closer look at your PC. CPUID confirmed that attackers compromised part of its download infrastructure, which was first reported by DMKiller on Reddit. The attack briefly replaced legitimate download links with malicious ones in a six-hour window. The company says the issue has been fixed and that its original signed files were not altered.
Here is the small statement I sent to everyone... 😓
— Doc TB (@d0cTB) April 10, 2026
Hi,
Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised April 9 and April 10, causing the main website to randomly display… https://t.co/ZfHRoWwkOM
This hack matters because CPU-Z and HWMonitor are trusted Windows tools. The attack exploited that trust, making it that much more dangerous.
What Happened at CPUID?
According to CPUID, attackers compromised a secondary feature on the website and used it to push malicious download links via the official site. This lasted only six hours before it was noticed and corrected. The problem here was not a typo domain or a random scam site. The attack used the legitimate download flow on the official site, making it a legit supply-chain attack that caught users 100% off guard.
That is a bigger deal than the usual malware hit. Users did what they were supposed to do by downloading the software from a legitimate source, but they still got an unwelcome surprise.
Which CPUID Downloads Were Affected?
CPU-Z and HWMonitor were most affected by the breach. That makes sense due to their popularity. But reports suggest related tools on CPUID’s website may also have been compromised during the same time. If you downloaded either utility during the window, it is safest to assume there was some risk.
The good news here is that it appears only users who visited the CPUID main website and initiated a download were affected in a sort of man-in-the-middle attack on one of the website's API calls. If you updated the software, had a direct link, or downloaded from a source like MajorGeeks, you would not be affected.
Why This Breach Matters
Supply chain attacks are ugly because they break one of the most basic rules of the Internet: download software only from a trusted source. When the official source is the problem, what is the end user to do?
That is what makes this story more than just another malware alert. CPU-Z and HWMonitor are not fringe tools, or weekend vibe code projects. They are VERY popular, trusted, and widely used by enthusiasts, repair techs, gamers, and everyday users who just want to check temperatures, voltages, or hardware specs. Heck, we have been recommending and using this software on the daily since 1999. They are the gold standard for what they do. Just that alone makes this a big deal.
Add on the fact that attackers now have AI tools helping them move faster and more efficiently, and companies like Anthropic saying its latest model is too dangerous for release because it is too good at hacking, this breach feels like a warning shot for things to come.
What the Malware Was Reportedly Doing
This was not a lazy smash-and-grab infection. The malware seems to have used layered delivery, evasive behavior, and techniques to make detection harder. Early analysis reports suggest the malicious files were designed to steal the sensitive data that hackers love, especially browser-stored credentials.
People should not assume that a quick antivirus scan is always enough. If a compromised installer was run, the safest response is to treat the system seriously, not casually. This is not one of those times to shrug and say, "Well, I’ll get to this next week."
Who Should Be Concerned?
Anyone who downloaded CPU-Z, HWMonitor, or related CPUID tools during the affected time should pay attention and take action. The greatest concern is for those who actually ran the suspicious installer. If you only visited the page and did not download anything, or you downloaded but did not run the file, you should be fine. You should still delete the file and run a scan to double-check.
What To Do If You Downloaded CPU-Z or HWMonitor During the Breach
Sorry to say, you're in for a long one.
Reports say the Trojan was designed to abuse Google Chrome's IElevation COM interface to dump and decrypt saved passwords. Cyderes also says the final payload, identified as STX RAT, had infostealer capabilities and could harvest browser credentials and session cookies, plus crypto wallet keys, password manager data, and VPN and FTP credentials.
Start with a full scan with trusted security software. Most can do a good job of removing a known threat. Frankly, we would run a few scans with multiple products over time, just to be sure. A good approach would be to scan with Avast Free or Bitdefender Free, then throw in a Malwarebytes scan. If you are clean after that, I'd feel decent, but I would still run the logs past the experts in our support forums.
However, the safest move is a clean Windows reinstall. That may sound dramatic, but with credential theft and more advanced malware behavior in the mix, "good enough" is not the same as "safe."
Once the Trojan is removed, change your passwords, especially those for anything stored in your browser. Email, banking, shopping, cloud storage, and social media accounts should be at the top of the list. Enable multi-factor authentication everywhere you can. Check important accounts for suspicious activity, and don't forget to check crypto wallets if you use them.
Is CPUID Safe To Download From Again?
CPUID says the breach has been fixed and that the officially signed files were not compromised. That is good news, but users should still be cautious for a while. Check filenames, verify the digital signature, and pay attention to anything that looks off. You do not need to panic, but this is not the week to click first and ask questions later.
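One way to do the filename and signature check on a Windows PC, as an added example that is not from CPUID or the original article: it lists matching downloads, their Authenticode status and signer, and the download origin the browser recorded. The Downloads folder, the file-name patterns and the local-time window are assumptions; a `Valid` status only means the file is intact and signed by someone, so compare the Signer value against a copy you know is good.

```powershell
# Added example. Folder, name patterns and the local-time window are assumptions.
$folder   = Join-Path $env:USERPROFILE 'Downloads'   # assumed download location
$patterns = '*cpu-z*', '*cpuz*', '*hwmonitor*'        # assumed file-name patterns
$from     = [datetime]'2026-04-09'                    # dates from the article,
$to       = [datetime]'2026-04-11'                    # widened to whole local days

$files = Get-ChildItem -Path $folder -Recurse -File -Include $patterns `
             -ErrorAction SilentlyContinue

$report = foreach ($file in $files) {
    # Authenticode check: Status is 'Valid' only if the file is unmodified
    # and the signing certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Browsers record the download origin in the Zone.Identifier stream (NTFS only).
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    [pscustomobject]@{
        File      = $file.FullName
        Created   = $file.CreationTime
        InWindow  = ($file.CreationTime -ge $from -and $file.CreationTime -lt $to)
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        HostUrl   = $hostUrl
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Full listing for manual review.
$report | Sort-Object Created | Format-List

# Files created in the window that do not carry a valid signature.
# Archives (.zip) are not Authenticode-signed: extract them and check the .exe inside.
$report | Where-Object { $_.InWindow -and $_.SigStatus -ne 'Valid' } |
    Select-Object File, SigStatus, HostUrl
```

The SHA256 value can be searched on VirusTotal without uploading or running the file.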
A Good Reminder for Windows Users
This breach is a reminder that even trusted utilities can become risky when their delivery systems are compromised. We spend a lot of time warning people away from shady download sites, but sometimes the danger shows up where you least expect it. That is why basic habits like checking signatures, watching installer behavior, scanning everything before you install, and keeping your security software updated still matter.
The Bottom Line
CPUID confirmed that attackers briefly used its website to push malicious downloads for CPU-Z and HWMonitor. This did not affect the signed files, only the download links on the CPUID website itself. The breach has been fixed. Users who downloaded during the affected period should assume risk and act accordingly. Change passwords, enable multi-factor authentication, scan your system, and if you ran a suspicious installer, consider a clean reinstall.
The safest advice is often not the easiest. Take action now rather than ignore the problem.
The main takeaway is that users now need to be even more cautious, even with trusted names. Pay attention to odd filenames, unusual prompts, or security warnings. Keep good security software installed. And if something feels off, stop right there and give it a good scan at VirusTotal. Healthy paranoia is starting to look less like overreacting and more like basic computer hygiene.
The other takeaway is that this could have been a LOT worse. How fast the software community reacted and worked together to help the author of CPUID fix the problem was amazing. From discovery to mitigation in 6 hours. Makes my geeky little heart swell 3 sizes just thinking about it. Great job, Geeks!