The official website of CPUID, the developer of the popular hardware monitoring tools CPU-Z and HWMonitor, was recently compromised to distribute malware-infected versions of its software. The breach was first reported by security researchers and users on social media platforms X and Reddit.
What Happened?
Attackers managed to hack into the CPUID website and modify the download links for CPU-Z and HWMonitor. Instead of the legitimate software, users were directed to download malicious versions. Several users on Reddit reported that their antivirus software flagged the downloads as malware. The compromised downloads were later analyzed on VirusTotal, confirming the presence of malware.
CPUID’s Response
CPUID has since confirmed the security breach, stating that the attackers used a compromised API to place the malicious links on their website. The company has taken its website offline for a period to address the issue and has now removed the malicious links. However, at the time of writing, there is no official statement or warning about the incident on the CPUID website. This incident is another example of a supply-chain attack, where a trusted vendor’s website is used to distribute malware.
What Should You Do?
If you have recently downloaded CPU-Z or HWMonitor from the official website, it is crucial to scan your system with a reputable antivirus software. It is also recommended to only download software from official sources and to be cautious of any security warnings from your antivirus program. Users of package managers like Winget or PatchMyPC are also advised to verify the integrity of their downloads.
