Bad News If You Downloaded HWMonitor OR CPU-Z Late Last Week

The CPUID website suffered a brief but consequential breach on the night of April 9 and the early hours of April 10, during which threat actors seized control of the download portal for popular utilities HWMonitor and CPU‑Z. For roughly six hours the legitimate links were swapped with URLs that delivered malware‑laden executables. The attackers never altered the original installers stored on CPUID’s servers, but they succeeded in redirecting unsuspecting visitors to compromised files hosted elsewhere. CPUID detected the intrusion, expelled the intruders, and restored the correct links within minutes.

This episode underscores a growing trend in software supply‑chain attacks, where adversaries target the distribution channel rather than the code itself. By compromising a trusted vendor’s website, hackers exploit the implicit trust users place in official download pages, bypassing traditional antivirus heuristics that focus on known malicious binaries. The incident also highlights the importance of robust backend security, multi‑factor authentication, and continuous monitoring for anomalous link changes. As more enterprises rely on third‑party tools for diagnostics, the industry is urging vendors to adopt signed URLs, hash verification, and redundant hosting to mitigate similar threats.

For users who downloaded HWMonitor or CPU‑Z during the compromised window, the safest course is to run a full malware scan and, if any suspicious artifacts are found, reinstall Windows or at least replace the utilities with fresh copies from the restored CPUID site. Organizations should enforce software‑allowlist policies and verify file hashes against vendor‑published checksums. The breach serves as a reminder that even well‑known utilities can become attack vectors, prompting IT teams to prioritize verification of download sources alongside traditional endpoint defenses.