Published 20 days ago • loading... • Updated 19 days ago

CPUID Hijacked to Serve Malware as HWMonitor Downloads

CPUID confirmed a backend breach this week when attackers compromised a secondary API, redirecting downloads for CPU-Z and HWMonitor to malicious versions before the company fixed the issue.
Attackers hijacked a backend component to redirect download traffic to Cloudflare storage, allowing hackers to swap legitimate installers for trojanized versions without tampering with the signed software builds themselves.
Malicious installers, often named "HWiNFO_Monitor_Setup.exe," were flagged by 20 AVs on VirusTotal; analysis suggests the malware targeted 64-bit users and included a fake CRYPTBASE to blend into Windows.
Researchers identified the payload as an infostealer, potentially classified as Artemis Trojan or Tedy Trojan, which interacts with Google Chrome to access stored credentials and mirrors tactics used against FileZilla recently.
Investigations remain ongoing regarding how the API was accessed; this incident underscores that attackers can deliver malware by exploiting distribution infrastructure rather than touching the source code itself.

Insights by Ground AI

16 Articles

PC Mag

Lean Left

Hacker Hijacks Downloads for Popular PC-Monitoring Tools to Serve Malware

Those who tried to download CPU-Z and HWMonitor from CPUID.com on Thursday night got a Trojan instead.

20 days ago·United States

Read Full Article

The Register

Center

CPUID hijacked to serve malware as HWMonitor downloads

: Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

20 days ago

Read Full Article

BleepingComputer

Center

Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools.

20 days ago

Read Full Article

instalki.pl

Cpu-Z and Hwmonitor Are Infected. Uninstall Them Immediately.

Cybercriminals have infected the website of CPUID, the creators of the popular CPU-Z and HWMonitor programs. As a result, both tools have become hosts of dangerous malware. CPU-Z and HWMonitor infected by hackers. Bad news for anyone using the HWMonitor temperature and voltage monitoring program and the CPU-Z application, often used by testers and overclockers. According to user X, nicknamed vx-underground, scammers have attacked the CPUID websi…

19 days ago

Read Full Article

GIGAZINE

Malware Found in "Cpu-Z" and "Hwmonitor," Distribution Site Cpuid Reports Being Hacked.

CPUID, a company that distributes software for benchmarking and monitoring Windows and Android devices, has been hacked, and malware was found to have been embedded in its CPU-Z software, which retrieves and displays CPU information on devices, and HWMonitor, which monitors hardware. CPUID has acknowledged that the breach lasted for approximately six hours, but has reported that the issue has been fixed.

19 days ago

Read Full Article

Malware Analysis, News and Indicators

How CPUID's HWMonitor Supply Chain Was Hijacked to Deploy STX RAT

Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your …

20 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year