CPUID website hacked: users report HWMonitor and CPU-Z delivering malware


CPUID confirms its website has been compromised. Downloading HWMonitor and CPU-Z, popular Windows utilities, infected some users with malware.

Update: The CPUID website was compromised for a few hours to deliver malware.

“Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9th and April 10th, causing the main website to randomly display malicious links (our signed original files were not compromised). The breach was found and has since been fixed,” Samuel Demeulemeester told Cybernews.

“It looks like they waited until Franck was on leave before launching the attack”

Franck Delattre is the creator of CPU-Z and the founder of CPUID.

Demeulemeester apologizes for the inconvenience.

“I did my best to fix that mess as soon as possible.”

Users reported compromise

CPUID is a French software company behind popular hardware information and monitoring tools that track temperatures, voltages, fan speeds, power, and other parameters.

Its website, which hosts the apps, is unavailable at the time of writing.

Initial reports about the suspected cyberattack began to surface Thursday evening, around 9 p.m. UTC.

“I checked in the application if there was any update, and yes. The application told me to update to 1.63. I clicked on update, and the official CPUID page opened. I followed the page to download the latest version. The file was called ‘HWiNFO_Monitor_Setup.exe.’ After the download, my Windows Defender instantly detects a virus,” a Reddit user reported.

They checked the update file on VirusTotal, an online service that scans files and links for malware, and it confirmed that the file is malicious, flagged by at least 32 security vendors as a trojan.

Chris Titus, a tech content creator and creator of a popular Windows debloating utility, shared reports on two compromised utilities, CPU-Z and HWMonitor.

“Millions about to be PWNED!” the YouTuber warned.

It appears that the website compromise is the reason why some users are getting malicious downloads.

“ALERT: The CPUID website that hosts HWMonitor, CPU-Z, and other software has been hacked and was redirecting to infected installers – this also affected updates made through both software,” warned Renan Maniero, a technology enthusiast.

Malware analysts at vx-underground confirmed the compromise, noting that the multi-staged malware is distributed from a compromised domain (cpuid.com), is deeply trojanized, operates almost entirely in memory, and uses “interesting methods” to evade detection. The command-and-control center domain is hardcoded in one of the binaries.

Attackers are likely targeting credentials

Vx-underground analyzed the malicious payload in more detail.

“Whoever developed this malware actually cares about evasion and made some intelligent decisions when developing this malware payload,” the analyst posted on X.

“It appears the ultimate goal of this malware is data theft, specifically browser credentials.”

During the cyberattack, an unknown threat actor hosted the malicious payloads at supp0v3[.]com. The same infrastructure was used in a previous malware campaign targeting FileZilla at the beginning of March 2026, as reported by Malwarebytes.

The attackers named the malicious payload file CRYPTBASE.dll to masquerade as a legitimate Windows library used by the actual HWMonitor. The malware attempts, but fails, to detect emulation and prevent reverse engineering. It uses PowerShell to fetch the payloads from attacker-controlled servers.

“Overall I give this malware a B-. This is pretty good malware,” vx-underground said.

CPUID develops CPU-Z, HWMonitor, HWMonitor PRO, PerfMonitor 2, and powerMAX applications.

Security experts warn users to avoid running unverified installers and to verify hashes before downloading or updating any affected applications.
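
The two checks this article points to, sketched in PowerShell as an added example (not code from CPUID, Cybernews, or the analysts quoted): verifying a downloaded installer's signature and hash before running it, and looking for a file named CRYPTBASE.dll outside the Windows directory. The function names are hypothetical, and the expected hash and publisher are placeholders the user must obtain from a trusted channel.

```powershell
# Added example. Function names are hypothetical; hash/publisher values are placeholders.
function Test-Installer {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,    # obtained out-of-band
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # substring of signer subject
    )
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        File           = $Path
        SignatureValid = $sig.Status -eq 'Valid'   # NotSigned / HashMismatch etc. fail here
        PublisherMatch = $subject.IndexOf($ExpectedPublisher,
                             [StringComparison]::OrdinalIgnoreCase) -ge 0
        HashMatch      = $hash -eq $ExpectedSha256 # string -eq is case-insensitive
        Signer         = $subject
        Sha256         = $hash
    }
}

function Find-StrayCryptbase {
    # Default search roots are an assumption; widen them for a real sweep.
    param([string[]] $Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                                $env:LOCALAPPDATA, $env:TEMP))
    $existing = @($Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($existing.Count -eq 0) { return }
    Get-ChildItem -Path $existing -Filter 'cryptbase.dll' -File -Recurse `
                  -ErrorAction SilentlyContinue |
        # Copies under %windir% are the expected location; anything else needs review.
        Where-Object { -not $_.FullName.StartsWith($env:windir,
                           [StringComparison]::OrdinalIgnoreCase) } |
        ForEach-Object {
            $s = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path    = $_.FullName
                Status  = $s.Status
                Signer  = if ($s.SignerCertificate) { $s.SignerCertificate.Subject } else { '' }
                Written = $_.LastWriteTimeUtc
            }
        }
}

# Usage (placeholder values):
# $r = Test-Installer -Path 'C:\path\to\installer.exe' `
#        -ExpectedSha256 '<known-good SHA-256>' -ExpectedPublisher '<expected publisher>'
# if (-not ($r.SignatureValid -and $r.PublisherMatch -and $r.HashMatch)) { Write-Warning 'Do not run.' }
# Find-StrayCryptbase | Format-Table -AutoSize
```

A hit from `Find-StrayCryptbase` is a lead for review, not proof of infection; check the signer, the write time against the compromise window, and which application directory it sits in.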

If the malware has been installed, users should assume compromise: sensitive data, such as passwords or crypto wallets, might be at risk, so they should rotate the credentials and clean the device. As a precaution, review activity on important accounts and check that multi-factor authentication is enabled.

Updated on April 10th [08:30 a.m. GMT] with a comment from CPUID.

Updated on April 10th [10:00 a.m. GMT] with additional information.
