HWMonitor and CPU-Z download links were infected with malware for 6 hours before devs caught it

The devs were quick to remove the malware, as millions of users rely on these to track temperatures, voltages, fan speeds, and other system parameters.

TL;DR: HWMonitor 1.63 and CPU-Z official websites were hacked, distributing malware-infected installers for about six hours. The developers removed the threat after investigation. Users who downloaded during this period should secure accounts, check wallets, enable multi-factor authentication, and run malware scans or reinstall their OS.

Two of the most popular hardware monitoring utilities, HWMonitor 1.63 and CPU-Z, were recently found to be infected with malware. The official websites were hacked, and users trying to download the latest version were getting flagged by antivirus software. After roughly six hours of investigation, the developers identified the breach and removed the malware. Both of the monitoring utilities are now safe to download.

The issue first surfaced on Reddit, where users reported that the official download links had been replaced with malware-infected executable files instead of the legitimate installers. User u/DMkiller shared that while updating HWMonitor from version 1.42 to 1.63, the downloaded file was named "HWiNFO_Monitor_Setup.exe" rather than the expected "hwmonitor_1.62."

When he ran the file, Windows Defender flagged it as a virus, and a quick check on VirusTotal returned 32 security flags. Further analysis by u/Hattix under the same post revealed that the official download links on CPUID's website pointed to a Russian domain with the page header "Установка - HWiNFO Monitor, версия 1.63".
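The two indicators reported above, a download link that leaves the vendor's domain and a saved file whose name does not match the product, can be checked before an installer is run. The sketch below is an added example, not code from the article or from CPUID; the filename pattern, the URL paths and the placeholder host `mirror.example.invalid` are assumptions, since the article names neither the real paths nor the other domain.

```python
import re
from urllib.parse import urlsplit

# Pinned by the defender ahead of time. The host and the "hwmonitor_" prefix
# come from the article; the exact pattern (digits, extension) is an assumption.
ALLOWED_HOSTS = {"cpuid.com"}
FILENAME_RE = re.compile(r"^hwmonitor_\d+\.\d+(\.exe|\.zip)?$", re.IGNORECASE)


def host_allowed(host):
    """True if host is a pinned domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def check_download(redirect_chain, filename):
    """Return a list of findings; an empty list means nothing looked wrong.

    redirect_chain: every URL visited, from the link on the vendor page to the
    final file URL. filename: the name the file was saved under.
    """
    findings = []
    for url in redirect_chain:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"non-HTTPS hop: {url}")
        # .hostname ignores a user@ prefix, so https://cpuid.com@other/ is caught.
        if not host_allowed(parts.hostname):
            findings.append(f"off-vendor host: {parts.hostname}")
    if not FILENAME_RE.match(filename):
        findings.append(f"unexpected filename: {filename}")
    return findings


# Constructed samples (paths are invented). INCIDENT models the report: a link
# on the vendor site leading to another domain and serving the reported filename.
CLEAN = (["https://www.cpuid.com/downloads/hwmonitor",
          "https://www.cpuid.com/downloads/hwmonitor_1.63.exe"],
         "hwmonitor_1.63.exe")
INCIDENT = (["https://www.cpuid.com/downloads/hwmonitor",
             "https://mirror.example.invalid/get/HWiNFO_Monitor_Setup.exe"],
            "HWiNFO_Monitor_Setup.exe")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("incident", INCIDENT)):
        print(name, check_download(*sample) or "no findings")
```

An empty result only means the link and filename look as expected; it says nothing about the file's contents, so it complements rather than replaces the antivirus and VirusTotal checks described above.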

Malware analysts at vx-underground confirmed the compromise, describing the threat as multi-staged, deeply trojanized, and operating almost entirely in memory. It was distributed from the compromised cpuid.com domain and uses techniques specifically designed to evade detection, with the command-and-control server domain hardcoded into one of the binaries.

The breach was later confirmed by CPU-Z and HWMonitor developer Samuel Demeulemeester, who clarified that the core binaries themselves were not altered. The compromise affected a secondary feature or API on the website, and the exposure window lasted approximately 6 hours.

If you downloaded or updated either of the two tools during that window, your data is likely compromised. In that case, change your passwords quickly, check your cryptocurrency wallets, review recent account activity, and ensure multi-factor authentication is enabled across important accounts. Run a full system malware scan or, for maximum security, perform a clean operating system install.

News Source: x.com

Tech Reporter

Hassam is a veteran tech journalist and editor with over eight years of experience embedded in the consumer electronics industry. His obsession with hardware began with childhood experiments involving semiconductors, a curiosity that evolved into a career dedicated to deconstructing the complex silicon that powers our world. From benchmarking PC internals to stress-testing flagship CPUs and GPUs, Hassam specializes in translating high-level engineering into deep, unbiased insights for the enthusiast community.
