CPUID Site Breached: CPU-Z and HWMonitor Served Malware

Published 10 Apr 2026, 18:05 Updated 10 Apr 2026, 18:07 3 min read Talia Emily Rogic (Editor-in-Chief & Founder)

Unknown attackers compromised CPUID's website and redirected download links for CPU-Z and HWMonitor to malware-laden files. The breach reportedly lasted around six hours before being contained.

Unknown attackers breached the official website of CPUID, the French software developer behind widely used hardware diagnostics tools CPU-Z and HWMonitor, and replaced legitimate download links with files containing malware. According to reporting by Tom's Hardware, the compromise left visitors who attempted to download either application exposed to malicious software for approximately six hours before the situation was resolved. CPUID has not published a formal incident statement as of April 10, 2026, meaning full technical details of the attack remain unconfirmed from an official primary source.

What Happened During the Window of Exposure

The attack, as described in the Tom's Hardware report, involved redirecting the standard download paths on cpuid.com so that users received trojanized installers rather than the legitimate, signed builds. CPU-Z is a long-established system information utility used by enthusiasts and professionals to read processor, memory, and motherboard data. HWMonitor is a companion tool that logs voltages, temperatures, and fan speeds in real time. Both are among the most frequently downloaded utilities in the PC hardware space, which makes the distribution vector particularly efficient for an attacker seeking broad reach in a technically literate audience. The roughly six-hour window, if accurate, would have been sufficient to affect a meaningful number of downloads given the tools' popularity.

Attribution and Technical Scope Still Unclear

No threat actor has claimed responsibility, and no independent cybersecurity firm had published a formal analysis of the malware payload at the time of writing. It is not confirmed whether the attackers gained access to CPUID's server infrastructure directly, compromised a content delivery or hosting layer, or exploited another vector such as DNS hijacking. Each of those scenarios carries different implications for user risk and remediation scope. Without an official post-incident disclosure from CPUID or a detailed technical report from a named security researcher, the precise nature of the malware — whether it was an infostealer, a remote access trojan, or another class of threat — cannot be stated as established fact.

What Users Who Downloaded During That Period Should Do

Anyone who downloaded CPU-Z or HWMonitor from the CPUID website during the affected window should treat the installed file as potentially compromised. The safe course of action is to run a full system scan using an up-to-date endpoint security tool, check for any unauthorized processes or scheduled tasks introduced around the time of installation, and if in doubt, reinstall from a verified, freshly downloaded copy once CPUID confirms the site is clean. Users who obtained either application through a package manager or a separately verified mirror should assess whether that source pulls directly from CPUID's servers. CPUID has not yet issued public guidance on verification steps or confirmed the exact timeframe of the compromise, and Tom's Hardware's report remains the primary public account of the incident. Independent confirmation from a second major outlet or from CPUID itself is still pending.