HWMonitor and CPU-Z infected with malware

The popular applications HWMonitor and CPU-Z infected with malware


A recent cybersecurity incident has caught the attention of the IT community: the popular applications HWMonitor and CPU-Z, developed by CPUID, were used to distribute malware to users. This event highlights the increasing risks associated with supply chain attacks and the importance of verifying download sources.

What happened?

According to the latest information appearing on specialized sites (Cybernews, Tom’s Hardware, etc.), the official site of CPUID was compromised by unknown attackers. Following the breach, users downloading HWMonitor or CPU-Z received, instead of the legitimate applications, versions infected with malware.

The attack lasted approximately six hours and was made possible by compromising a secondary API of the site. During this time, the download links were redirected to domains controlled by the attackers, which delivered malicious files instead of the original ones.

It is important to note that the digitally signed original files were not compromised; only the distribution infrastructure was.

How does this type of malware work?

The malware that was distributed is a complex, multi-stage payload designed to evade detection by antivirus solutions. Experts observed that it operated almost entirely in memory and used advanced evasion techniques.

This type of malware uses PowerShell to download additional files from the attackers’ servers and contains a hard-coded address through which it receives commands.

To remain undetected, the malicious file was named CRYPTBASE.dll, mimicking the name of a Windows library used by HWMonitor. The main goal of the attack was to steal sensitive data, especially credentials saved in the browser, such as passwords stored in Google Chrome.

In some cases, the downloaded files had suspicious names, such as “HWiNFO_Monitor_Setup.exe”, and showed unusual signs, such as Russian-language executables.
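Because the malicious component borrowed the name of a Windows library, one practical check after the fact is to look for copies of CRYPTBASE.dll that sit outside the Windows system directories and see whether they carry a valid Microsoft signature. The PowerShell below is an added example written for this article; it is not code from CPUID or from the sources cited, and the search roots it uses are an assumption about where a downloaded tool would typically be unpacked.

```powershell
# Added example (not from the article or from CPUID): hunt for copies of
# CRYPTBASE.dll that live outside the Windows system directories and report
# their signature status and SHA-256. The legitimate library is loaded from
# System32/SysWOW64, so a copy sitting next to an application binary deserves
# a closer look. Findings are reported, not deleted, so they can be analysed.

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64'),
    (Join-Path $env:SystemRoot 'WinSxS')
)

# Assumption: these are the usual install and user-profile locations where a
# downloaded tool would have been unpacked. Add more roots for your environment.
$searchRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:LOCALAPPDATA,
    $env:APPDATA,
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter 'CRYPTBASE.dll' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object {
            # Skip anything that really lives under a Windows system directory.
            $dir = $_.DirectoryName
            -not ($systemDirs | Where-Object { $dir -like "$_*" })
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [PSCustomObject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTimeUtc
                SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if (-not $findings) {
    Write-Output 'No CRYPTBASE.dll found outside the Windows system directories.'
} else {
    $findings | Sort-Object SigStatus | Format-Table -AutoSize
    # Unsigned copies, or copies signed by anyone other than Microsoft, are the
    # ones to preserve and hand to your incident-response process.
    $findings | Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notlike '*Microsoft*' } |
        ForEach-Object { Write-Warning "Suspicious: $($_.Path) [$($_.SigStatus)]" }
}
```

Run it from an elevated PowerShell session so that Program Files is readable. A hit is not proof of infection on its own: some installers legitimately ship redistributable DLLs, which is why the script reports the signer and the hash rather than acting on the file name alone.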

Why is this incident important?

This case is a clear example of a supply chain attack, in which the attackers compromise not the application itself but the channel through which it is distributed. Such attacks are extremely dangerous because they target trusted software used by millions of people.

Additionally, the popularity of applications like CPU-Z (used for identifying hardware components) makes the potential impact very significant.

What should you do if you downloaded the infected applications?

If you downloaded or updated HWMonitor or CPU-Z during the affected period, experts recommend:

  • Uninstall the application immediately
  • Run a complete system scan with an up-to-date antivirus
  • Change all important passwords
  • Enable two-factor authentication (2FA)
  • Check the activity of your online accounts.

If the malware was installed, there is a risk that personal data may have been compromised.

How to protect yourself in the future?

To avoid similar situations:

  • Download software only from official sources and verify the integrity of the files
  • Use up-to-date antivirus solutions
  • Be cautious of suspicious names or unusual behaviour during installation
  • Compare the hashes or digital signatures of the files.
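The last two points above are the ones that would have caught a swapped download in this incident, since the legitimate installers were digitally signed and only the delivery path was tampered with. The function below is an added example, not code from CPUID or from the cited sources: it checks a downloaded installer's SHA-256 against a value you obtained separately and verifies its Authenticode signature. The hash and file name are placeholders, and the publisher name pattern is an assumption you should replace with the subject read from a known-good copy.

```powershell
# Added example (not from the article or from CPUID): verify a downloaded
# installer before running it. The expected hash must come from a trusted
# source obtained separately (e.g. the vendor page over HTTPS, or a copy you
# verified earlier), never from the same redirect that served the file.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSignerPattern    # wildcard match on the certificate subject
    )

    $result = [ordered]@{
        Path           = $Path
        HashMatch      = $false
        SignatureValid = $false
        Signer         = ''
        SignerMatch    = $false
        Verdict        = 'REJECT'
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Verdict = 'FILE NOT FOUND'
        return [PSCustomObject]$result
    }

    # 1. Hash comparison (case-insensitive hex compare).
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $result.HashMatch = ($actual -ieq $ExpectedSha256)

    # 2. Authenticode. 'Valid' means the signature verifies and chains to a
    #    trusted root; 'NotSigned' means no signature at all; 'HashMismatch'
    #    means the file was modified after it was signed.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SignatureValid = ($sig.Status -eq 'Valid')
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    # 3. A valid signature from the wrong publisher is still a red flag, so
    #    also check who signed it when a pattern was supplied.
    $result.SignerMatch = if ($ExpectedSignerPattern) {
        $result.Signer -like $ExpectedSignerPattern
    } else {
        $result.SignatureValid
    }

    if ($result.HashMatch -and $result.SignatureValid -and $result.SignerMatch) {
        $result.Verdict = 'OK'
    }
    [PSCustomObject]$result
}

# Usage with placeholder values (constructed for this example): the real hash
# comes from the vendor's download page, and the signer pattern is an
# assumption to be replaced with the subject seen on a known-good installer.
Test-DownloadedInstaller `
    -Path "$env:USERPROFILE\Downloads\PLACEHOLDER_installer.exe" `
    -ExpectedSha256 'PLACEHOLDER_SHA256_FROM_VENDOR_PAGE' `
    -ExpectedSignerPattern 'CN=PLACEHOLDER_PUBLISHER*' |
    Format-List
```

Treat the three checks as complementary: a matching hash only proves the file is the one the page advertised, which is worthless if the page itself was the thing redirected, while a valid signature from the expected publisher proves the binary was produced by the vendor regardless of which server delivered it.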

The HWMonitor and CPU-Z incident shows how vulnerable even the most popular applications can be. In 2026, online security is no longer just the developers’ responsibility; it also depends on the vigilance of users. Careful verification of downloads and the adoption of solid security practices can make the difference between a secure system and a compromised one.

Sources: tomshardware.com, cybernews.com
