CPU-Z and HWMonitor Are Malware!?
Why It Matters
Compromised system‑utility downloads can silently steal credentials, eroding trust in essential software and forcing organizations to adopt zero‑trust controls to protect their networks.
Key Takeaways
- Official CPU-Z and HWMonitor download packages were found to carry a malicious cryptbase.dll.
- The DLL fetches C# source from a remote server and compiles it with the host's own .NET compiler, so no prebuilt payload is shipped for antivirus to match.
- The compiled payload runs in memory and is never written to disk, defeating file-based detection (the dropped DLL itself is still on disk and is the artifact to look for).
- It harvests browser-stored passwords; victims should reset their online accounts from a clean machine.
- Zero-trust application control (allow-listing) is recommended so that unknown executables and DLLs cannot run.
Summary
The video covers a supply-chain compromise of the official installers for CPU-Z and HWMonitor. A malicious cryptbase.dll was slipped into the legitimate download packages, turning these popular system-information tools into malware droppers. Since cryptbase.dll is a legitimate Windows system library that normally lives in the system directory, a copy of it sitting next to an installer is the first thing to check for.

The malicious DLL contacts a remote command-and-control server, retrieves a C# source file, and invokes the .NET compiler on the victim's machine. Because the payload is built in memory on the host rather than shipped as a binary, there is no on-disk executable for signature-based antivirus to match. The code also includes VM-evasion checks and focuses on harvesting browser passwords and other online credentials.

The presenter cites VX-Underground's analysis, which reports 42 antivirus detections for the infected DLL versus none for the clean one, and demonstrates the behaviour in Process Explorer, showing the DLL being loaded and then terminating itself.

The incident follows a recent 7-Zip supply-chain attack, and together they show that even official vendor sites can serve compromised software. For enterprises and security-conscious users, the breach underscores how fragile trust in third-party utilities is. The recommended mitigations are zero-trust application control, behavioural monitoring, and strict allow-lists, so that an unknown DLL or an unexpected compiler invocation is blocked or flagged rather than trusted.
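The two behaviours the summary describes, a cryptbase.dll loaded from outside the Windows system directory and the .NET compiler being spawned by a program that has no business compiling anything, are both visible in ordinary endpoint telemetry. The script below is an added example written for this page, not code from the video, from VX-Underground, or from CPUID. It runs two hunting rules over constructed Sysmon-style events (ProcessCreate, EventID 1, and ImageLoad, EventID 7; the field names follow Sysmon's schema, the sample paths, file names and the developer-tool allow-list are assumptions to tune for your environment):

```python
"""
Hunt for two behaviours in process/image-load telemetry:
  1. cryptbase.dll loaded from anywhere other than the Windows system
     directories (the legitimate copy lives in System32 / SysWOW64), or
     loaded from there but unsigned;
  2. the C# (or VB) compiler spawned by a parent that is not a developer tool.
The events below are constructed samples, not real captures.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
COMPILERS = {"csc.exe", "vbc.exe"}
# Assumed allow-list of parents that legitimately launch the compiler.
DEV_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    event_id: int
    process: str   # the process responsible for the suspicious action
    detail: str


def _dir(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return str(PureWindowsPath(path).parent).lower()


def _base(path: str) -> str:
    """Lower-cased file name part of a Windows path."""
    return PureWindowsPath(path).name.lower()


def check_image_load(ev: dict) -> Alert | None:
    """EventID 7: flag cryptbase.dll loaded from a non-system path or unsigned."""
    loaded = ev["ImageLoaded"]
    if _base(loaded) != "cryptbase.dll":
        return None
    signed = str(ev.get("Signed", "false")).lower() == "true"
    if _dir(loaded) in SYSTEM_DIRS and signed:
        return None
    return Alert("cryptbase_sideload", 7, ev["Image"],
                 f"{loaded} loaded (Signed={ev.get('Signed')})")


def check_process_create(ev: dict) -> Alert | None:
    """EventID 1: flag csc.exe / vbc.exe spawned by a non-developer parent."""
    if _base(ev["Image"]) not in COMPILERS:
        return None
    if _base(ev["ParentImage"]) in DEV_PARENTS:
        return None
    return Alert("compiler_from_nondev_parent", 1, ev["ParentImage"],
                 f"{_base(ev['Image'])} spawned: {ev.get('CommandLine', '')}")


def scan(events: list[dict]) -> list[Alert]:
    """Apply both rules to a stream of events and collect the alerts."""
    alerts: list[Alert] = []
    for ev in events:
        if ev["EventID"] == 7:
            hit = check_image_load(ev)
        elif ev["EventID"] == 1:
            hit = check_process_create(ev)
        else:
            hit = None
        if hit is not None:
            alerts.append(hit)
    return alerts


# Constructed sample telemetry: a benign system load, a benign build-tool
# compile, then a chain matching the behaviour described in the summary.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptbase.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": "csc.exe /noconfig @build.rsp"},
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\hwtool_setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\cryptbase.dll", "Signed": "false"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Users\alice\Downloads\hwtool_setup.exe",
     "CommandLine": r"csc.exe /noconfig /fullpaths @C:\Users\alice\AppData\Local\Temp\x.cmdline"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.rule}] EID{a.event_id} {a.process}: {a.detail}")
```

Only the third and fourth sample events fire. The two rules are deliberately independent: the DLL rule catches the dropper regardless of what it goes on to do, and the compiler rule catches the in-memory build step even if the loader were renamed, so an allow-listing policy that blocks either one breaks the chain.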