What happened in the CPUID hack ?

Hackers compromised CPUID's API, redirecting CPU-Z and HWMonitor downloads to a trojanized HWiNFO infostealer hosted on Cloudflare.

Is CPU-Z safe to download now?

Yes, after the fix—verify SHA-256 hashes from official site and scan with VirusTotal before running.

How do I check if I got the CPUID malware?

Run full scans with Malwarebytes or ESET; look for suspicious Russian installers or network calls in Task Manager.

🦠 Ransomware & Malware

CPUID's Trusted Tools Turn Toxic: Hackers Poison CPU-Z and HWMonitor Downloads

A quick download for CPU specs just infected thousands with sophisticated malware. CPUID's API breach shows how even trusted diagnostics become hacker bait.

Threat Digest Apr 11, 2026 3 min read

Compromised CPUID download page redirecting to malicious HWiNFO installer

⚡ Key Takeaways

Hackers used a compromised API to poison official CPU-Z and HWMonitor download links with advanced infostealer malware. 𝕏
The attack mirrors FileZilla's breach, targeting trusted utilities for maximum reach among millions of users. 𝕏
Verify file hashes before installing; CPUID has restored clean downloads but transparency lags. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CPU-Z malware #CPUID hack #HWMonitor trojan #infostealer trojan #supply chain attack

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

36 Fake npm Strapi Plugins Slip Redis and Postgres Backdoors into Dev Pipelines

North Korean Hackers Slip 1,700 Poison Pills into npm, PyPI, and Beyond

Smart Slider's Poisoned Update: Hackers Slip Backdoors into 900K WordPress Sites

PRT-Scan: AI Turns GitHub Misconfigs into Easy Supply Chain Prey

Stay in the loop