The download links for HWMonitor and CPU-Z were redirected to compromised versions of the files.
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works .
The website of CPUID, the maker of popular hardware monitoring tool HWMonitor and system information tool CPU-Z, has been breached by unknown attackers, and those who downloaded these tools were instead served with an infected file. According to vx-underground on X (expand the tweet below), a cybersecurity research collective, the threat actor compromised cpuid.com, and users who were trying to download the latest version of the tool were served with a compromised installer from supp0v3-dot-com, which was also used in a malware campaign launched in March 2026. A Reddit user said that this replaced the downloaded file for the latest version of HWMonitor, named hwmonitor_1.63.exe, with HWiNFO_Monitor_Setup.exe.
Yeah, so pretty much this https://t.co/Mwm1F8xKWT malware is a pain in the ass. I'd have to spend a good bit of time trying to bonk it with a stick and reconstruct some of it. Whoever developed this malware actually cares about evasion and made some intelligent decisions when… pic.twitter.com/XDJEhN4FDe April 10, 2026
It seems that the primary goal of the malware was to steal browser credentials, especially as it was trying to break into Google Chrome’s IElevation COM interface to try dumping and decrypting saved passwords. The malware is relatively complex, with vx-underground saying in another X post that it was deeply trojanized and uses interesting methods to evade endpoint detection and response and antivirus systems. The hackers behind it also compromised one of the most popular tools used by PC enthusiasts and professionals to execute a supply chain attack.
The developer behind these tools, Samuel Demeulemeester, released a statement on X , saying that the investigation into this breach is ongoing, but it seems that a side API was compromised for about six hours, causing the website to link to the malicious files. However, CPUID’s signed original files were not compromised, and the breach has since been fixed.
You may like Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet One of JavaScript's most popular libraries compromised by hackers Notepad++ update server hijacked in targeted attacks Given the popularity of HWMonitor and CPU-Z, many people have probably downloaded the infected files during that relatively short time frame. Windows Defender usually caught the malware before it was installed, and those who bypassed it would probably have noticed the weird Russian install program. However, there’s still a small chance that someone went through with the installation and got their system and stored credentials compromised.
Supply chain attacks have recently been gaining popularity as a method for spreading malware. For example, one of the most popular libraries in JavaScript was recently hit to deploy cross-platform remote access trojans in late March, while an unofficial 7-Zip website was compromised in January 2026 to infect PCs downloading the popular compression utility and make it part of a proxy botnet. Even updated servers could be compromised — this is what happened to Notepad++ in June 2025, where users who were updating the app using its built-in updater were infected.
Follow Tom's Hardware on Google News , or add us as a preferred source , to get our latest news, analysis, & reviews in your feeds.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/hwmonitor-and-cpu-z-developer-cpuid-breached-by-unknown-attackers-cyberattack-forced-users-to-download-malware-instead-of-valid-apps-for-approximately-six-hours#main
- https://www.tomshardware.com
- Garage sale haul finds 2013 'trash can' Mac Pro nestled inside 2010 Mac Pro enclosure — Mac Pro inception still needs some work to get running
- Intel's EMIB-T packaging technology set for fab rollout this year — as TSMC CoWoS capacity remains limited,EMIB-T is preparing for advanced AI accelerator desig
- Garage sale haul finds 2013 'trash can' Mac Pro nestled inside 2010 Mac Pro enclosure — Mac Pro inception still needs some work to get running
- Score the AMD Ryzen 7 9800X3D with 32GB of fast DDR5 RAM and an Asus X870E gaming motherboard for under $990 in this epic Newegg bundle — $200 saving brings the
- Intel Arc GPUs can finally boot up and play 'Crimson Desert' — but you'll probably want to wait for official support
Informational only. No financial advice. Do your own research.