CPUID site served malware for hours

The CPUID website (CPU‑Z, HWMonitor) was manipulated and served malware to visitors for several hours, according to reporting on the incident. The coverage notes that widely distributed admin utilities can become a vector when tool installers are weaponised on engineering or admin endpoints (heise.de).

Attackers hijacked part of CPUID’s website on April 9 and 10 and served malware instead of CPU-Z and HWMonitor downloads for about six hours. (bleepingcomputer.com) CPUID’s Samuel Demeulemeester told Cybernews that a “secondary feature,” described as a side application programming interface, was compromised between April 9 and April 10, 2026. He said the company’s signed original files were not altered, but the main site “randomly display[ed] malicious links” during that window. (cybernews.com)

BleepingComputer reported that the attackers changed download links on the official CPUID site, so visitors clicking for installers were sent to malicious executables instead. SecurityWeek said the files delivered a remote access trojan known as STX RAT. (bleepingcomputer.com, securityweek.com)

CPU-Z and HWMonitor are hardware utilities: they read details like processor model, temperatures, voltages, fan speeds, and memory timings from a Windows computer. CPUID’s product pages describe CPU-Z as a system information tool and HWMonitor as a sensor-reading monitor for voltages, temperatures, power, current, and fan speed. (cpuid.com, cpuid.com)

That makes the attack a software supply-chain problem: the program itself may be legitimate, but the delivery path is poisoned. The Register said the breach turned trusted links on a well-known admin site into a “coin toss” between real tools and malware. (theregister.com)

Heise reported that system utilities like these are often used on engineering and administrator machines, which can hold credentials, network access, and sensitive configuration data. A trojanized installer on that kind of endpoint can give an attacker a foothold far beyond one desktop. (heise.de)

CPUID said the breach was fixed after discovery, and current product pages for CPU-Z and HWMonitor are back online. The company has not posted a public incident report on its news page, but its site remains the official distribution point for both tools. (cybernews.com, cpuid.com, cpuid.com)

The episode left a narrow but serious exposure window: users who downloaded from the official site during those April 9 to April 10 hours may have done everything “right” and still received malware. That is the part security teams now have to unwind. (hothardware.com, heise.de)
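As an added illustration (not taken from the reporting or from CPUID), here is one way a security team could triage web-proxy logs for the exposure window described above. The four-field log format, the host names in the sample, and the rule that legitimate installers are served from cpuid.com or a subdomain are all assumptions to adapt locally.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# The reporting gives only the dates (April 9-10, 2026), not the hours, so both
# whole days in UTC are treated as the exposure window (assumption).
WINDOW_START = datetime(2026, 4, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 11, tzinfo=timezone.utc)
VENDOR_DOMAIN = "cpuid.com"  # assumption: real installers come from here or a subdomain
INSTALLER_EXT = (".exe", ".msi", ".zip")

def on_vendor_domain(url):
    # Exact or dot-anchored suffix match, so "cpuid.com.example.org" does not pass.
    host = (urlsplit(url).hostname or "").lower()
    return host == VENDOR_DOMAIN or host.endswith("." + VENDOR_DOMAIN)

def triage(log_lines):
    """Return (client, url, verdict) for in-window installer fetches referred by the vendor site."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing
        ts, client, url, referrer = parts
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        if not (WINDOW_START <= when < WINDOW_END):
            continue
        if not on_vendor_domain(referrer) or not urlsplit(url).path.lower().endswith(INSTALLER_EXT):
            continue
        # An off-domain installer reached from a vendor page fits the swapped-link
        # pattern; same-domain fetches in the window still need a signature check.
        verdict = "verify-signature" if on_vendor_domain(url) else "off-domain-installer"
        findings.append((client, url, verdict))
    return findings

# Constructed sample records: timestamp, client, requested URL, referrer.
SAMPLE_LOG = [
    "2026-04-09T21:14:03Z ws-eng-07 https://files.example.net/hwmonitor_setup.exe https://www.cpuid.com/",
    "2026-04-10T02:40:11Z ws-adm-02 https://www.cpuid.com/constructed/cpu-z-setup.exe https://www.cpuid.com/",
    "2026-04-12T09:00:00Z ws-eng-03 https://files.example.net/hwmonitor_setup.exe https://www.cpuid.com/",
    "2026-04-09T22:01:45Z ws-eng-09 https://cpuid.com.example.org/cpu-z.exe https://www.cpuid.com/",
    "2026-04-10T03:00:00Z ws-eng-11 https://www.cpuid.com/news.html https://www.cpuid.com/",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Hosts flagged "off-domain-installer" are the first candidates for isolation and review; hosts flagged "verify-signature" should have the downloaded file's code signature and hash checked against a known-good copy.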
