CPUID Website Compromised - Weaponized HWMonitor and CPU-Z Tools

Significant risk — action recommended within 24-48 hours
Basically, the CPUID website was hacked to spread dangerous software disguised as popular tools.
The CPUID website has been compromised, delivering trojanized versions of HWMonitor and CPU-Z. Users downloading these tools may face serious malware risks. Immediate action is advised.
What Happened
The CPUID website, known for its widely used utilities CPU-Z and HWMonitor, has fallen victim to a significant supply chain attack. Users who downloaded HWMonitor version 1.63 or CPU-Z ZIP files since early April 2026 have reported receiving trojanized installers instead of the legitimate software. These malicious installers are capable of dropping harmful DLL files and can evade antivirus detection by executing in memory.
Who's Affected
Anyone who downloaded HWMonitor 1.63 or CPU-Z from cpuid.com during this timeframe is at risk. Users reported issues primarily through community platforms like Reddit, highlighting a concerning trend where expected files were replaced with suspicious ones, such as HWiNFO_Monitor_Setup.exe.
Signs of Infection
Reports indicate that users experienced unexpected alerts from Windows Defender and encountered Russian-language text during installation. The malicious payload is designed to drop a DLL file named cryptbase.dll, which is commonly used for stealthy execution techniques. This malware employs sophisticated methods to bypass traditional antivirus scanning, making it particularly dangerous.
How to Protect Yourself
- Do not download any files from cpuid.com until further notice.
- Immediately scan your system if you downloaded HWMonitor or CPU-Z after April 3, 2026.
- Look for cryptbase.dll in your application directories as a potential indicator of compromise.
- Consider switching to HWiNFO (hwinfo.com), a safe alternative for hardware monitoring.
- Always verify file hashes against official sources before executing any software.
This incident serves as a stark reminder that even trusted diagnostic tools can become vectors for malware when their underlying infrastructure is compromised. Users are urged to remain vigilant and take necessary precautions.
🔍 How to Check If You're Affected
1. Check for the presence of cryptbase.dll in application directories.
2. Run a full antivirus scan to detect any malicious files.
3. Verify the integrity of downloaded files against official sources.
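
The checks listed above, as an added PowerShell triage example (not from the original page or from CPUID): it looks for copies of cryptbase.dll outside the Windows directory, where the genuine system library lives, and for HWMonitor/CPU-Z-named installers created since April 3, 2026, then reports the SHA-256 and Authenticode status of each. The search roots and the file-name pattern are assumptions; adjust them for your hosts.

```powershell
# Added triage example; not CPUID's or the original page's code.
# Assumption: these per-user and install locations are where a download would land.
$roots = @(
    $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA,
    $env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# Genuine copies of cryptbase.dll live under %SystemRoot%; skip those.
$systemRoot = $env:SystemRoot.TrimEnd('\') + '\'
# Date taken from the advisory; the name pattern is an assumption built from the
# product and file names it mentions.
$since       = [datetime]'2026-04-03'
$namePattern = 'hwmonitor|cpu-?z|hwinfo_monitor_setup'

$findings = Get-ChildItem -LiteralPath $roots -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $underWindows = $_.FullName.StartsWith($systemRoot, [System.StringComparison]::OrdinalIgnoreCase)
        $isDll = ($_.Name -ieq 'cryptbase.dll') -and -not $underWindows
        $isInstaller = ($_.Extension -in '.exe', '.zip') -and
                       ($_.Name -match $namePattern) -and
                       ($_.CreationTime -ge $since)
        $isDll -or $isInstaller
    } |
    ForEach-Object {
        # Authenticode only applies to PE files; ZIP archives are hashed but not checked.
        $sig = if ($_.Extension -in '.exe', '.dll') {
            Get-AuthenticodeSignature -LiteralPath $_.FullName
        }
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

if ($findings) { $findings | Format-List } else { 'No matching files found under the searched roots.' }
```

A match is a lead for further investigation rather than proof of infection; an unsigned or invalidly signed cryptbase.dll sitting next to an application executable is the result that most warrants follow-up.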
🔒 Pro insight: This incident highlights the critical need for supply chain security, as trusted software can be weaponized through compromised delivery channels.