CPUID Website Compromised to Deliver Malware via HWMonitor and CPU-Z

Marcus Rodriguez
April 10, 2026

Key Takeaways

  • The official cpuid.com website, hosting popular utilities like HWMonitor and CPU-Z, was compromised to deliver malware.
  • Users downloading HWMonitor 1.63 or CPU-Z ZIPs since early April 2026 may have received trojanized installers.
  • The malicious payload employs DLL hijacking and in-memory execution to evade antivirus detection and establish attacker communications.
  • CPUID has not issued a public statement, but affected download links are now returning 404 errors, indicating the files have been removed.

The cpuid.com website, a trusted source for system diagnostic tools such as CPU-Z and HWMonitor, has been implicated in an ongoing supply chain attack. Reports indicate that users attempting to download specific versions of these utilities have instead received malicious installers.

Since early April 2026, individuals downloading HWMonitor 1.63 or CPU-Z ZIP packages from the official site have been served trojanized files. These installers are designed to deploy malicious DLLs, execute code in memory to bypass traditional antivirus scans, and establish covert connections to attacker-controlled infrastructure.

Website Compromised to Deliver Weaponized Versions

The compromise first came to light through community reports on Reddit on April 10, 2026. Users consistently reported that clicking the official HWMonitor 1.63 download link on cpuid.com did not yield the expected hwmonitor_1.63.exe file. Instead, they received a file named HWiNFO_Monitor_Setup.exe.

This filename appears to be a deliberate attempt to mislead users by combining elements of CPUID and HWiNFO, two reputable hardware monitoring brands. This tactic exploits users’ familiarity with trusted names, leading them to overlook discrepancies in the exact package filename.

Further evidence of compromise emerged as users reported Windows Defender alerts upon download, the appearance of Russian-language text within the Inno Setup installer wrapper, and multiple flags from various VirusTotal scanners.

Security researchers, including vx-underground, confirmed the active delivery of malware, describing it as “deeply trojanized” and distributed from the compromised cpuid.com domain.

The malicious payload has been observed dropping a file named cryptbase.dll, a DLL name commonly abused for DLL hijacking, which facilitates persistent and stealthy execution. The multi-stage threat leverages in-memory execution to bypass conventional antivirus scanning, rendering file-system-level detection ineffective.

While a compromised download environment is confirmed, the exact mechanism of the breach remains under investigation. A notable technical asymmetry exists within the CPUID website’s infrastructure: the setup installer and ZIP packages for HWMonitor 1.63 are not served from the same sources. The setup path routes through download.cpuid.com, a dedicated subdomain, while the ZIP version links directly to a Cloudflare R2 object storage domain. This split infrastructure could represent a potential point of manipulation.

The most probable explanation at this juncture is that a download path within CPUID’s backend was redirected, replaced, or tampered with. It is crucial to distinguish this from a potential compromise of the HWiNFO project itself. HWiNFO’s official download page, hwinfo.com, lists version 8.44 (published March 4, 2026) as its current stable release, with a consistent version history and verified mirrors. An earlier Bitdefender detection of HWiNFO in January 2026 was identified as a false positive and is unrelated to the current incident.

The precise nature of the CPUID incident—whether it involves website defacement, a compromised backend object, server-side redirect manipulation, or a DNS hijack—has not yet been publicly confirmed. While forensic certainty is still pending, caution is strongly advised.

As of this report, download links on cpuid.com are returning 404 errors, suggesting that the site operators have removed the compromised files. CPUID has not yet issued a public statement, though the company is reportedly investigating the matter. Security researchers have analyzed the installer samples and flagged them on VirusTotal as multi-stage threats.

What You Should Do

  • Refrain from downloading anything from cpuid.com until the company issues an official “all-clear” and confirms the integrity of its downloads.
  • Immediately scan your system if you downloaded HWMonitor or CPU-Z from cpuid.com after April 3, 2026. Use a reputable antivirus solution with up-to-date definitions.
  • Check for the presence of cryptbase.dll in unexpected application directories as a potential indicator of compromise.
  • Consider switching to HWiNFO (hwinfo.com) as a safe and actively maintained alternative for hardware monitoring, ensuring downloads are from its official site.
  • Always verify file hashes against official vendor sources before executing any system utility installer to ensure its authenticity.
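
One way to carry out the cryptbase.dll check and the installer-filename check from the list above on a Windows host, as an added example that is not from CPUID or the researchers cited. The search roots and the rule "anything outside %WINDIR% is unexpected" are assumptions of this example.

```powershell
# Added triage example: list cryptbase.dll copies outside Windows-owned directories.
# Assumption: the search roots below are chosen for illustration; pass -Roots to change them.
param(
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
                         $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP,
                         (Join-Path $env:USERPROFILE 'Downloads'))
)

# The operating system's own cryptbase.dll lives under %WINDIR% (System32, SysWOW64, WinSxS).
$windowsRoot = $env:WINDIR.TrimEnd('\') + '\'
$validRoots  = $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$hits = foreach ($root in $validRoots) {
    Get-ChildItem -LiteralPath $root -Filter 'cryptbase.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.FullName.StartsWith($windowsRoot, [System.StringComparison]::OrdinalIgnoreCase) } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status                      # e.g. Valid, NotSigned, HashMismatch
                Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
                # Executables in the same folder are the programs that would load this DLL first.
                NearbyExe = (Get-ChildItem -LiteralPath $_.DirectoryName -Filter '*.exe' -File -ErrorAction SilentlyContinue).Name -join ', '
            }
        }
}

# Roots can overlap (TEMP usually sits under LOCALAPPDATA), so de-duplicate by path.
$hits = @($hits | Sort-Object -Property Path -Unique)

# The article reports the HWMonitor link serving HWiNFO_Monitor_Setup.exe instead of hwmonitor_1.63.exe.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$installer = @(Get-ChildItem -LiteralPath $downloads -Filter 'HWiNFO_Monitor_Setup.exe' -File -ErrorAction SilentlyContinue)

if ($hits.Count -eq 0 -and $installer.Count -eq 0) {
    Write-Output 'No cryptbase.dll outside the Windows directory and no HWiNFO_Monitor_Setup.exe in Downloads.'
} else {
    $hits | Format-List
    $installer | Select-Object FullName, CreationTimeUtc, Length | Format-List
}
```

Any hit is a lead to review rather than a verdict, and because the payload is reported to run in memory, an empty result does not clear a machine that executed one of the affected downloads.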

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
