CPUID download links were temporarily compromised
CPUID, the company behind CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, was reportedly hit by a security incident on April 9–10, 2026. During that window, download links shown on the official website were replaced with links to malicious files.
According to public reporting, CPUID said a secondary or side API was compromised, while its original signed binaries were not directly altered. Researchers said the malicious-link window lasted from about April 9, 15:00 UTC to April 10, 10:00 UTC.
What the malware did
Researchers reported that the trojanized downloads bundled a legitimate signed executable with a malicious file named CRYPTBASE.dll. That DLL was used for DLL sideloading, allowing malware to run when the legitimate application launched.
Analysis published after the incident linked the payload to STX RAT, a remote access trojan with information-stealing capability. Security researchers also said the malware used anti-sandbox checks and command-and-control communication to fetch or execute additional payloads.
Which products were reportedly affected
- CPU-Z 2.19
- HWMonitor 1.63
- HWMonitor Pro 1.57
- PerfMonitor 2.04
What users should do
If you downloaded or updated one of these tools from cpuid.com during the affected period, treat the system as potentially exposed. Remove the affected software, run a full antivirus scan, review startup and scheduled tasks, and rotate passwords stored in browsers or on the machine.
After cleanup, reinstall only from the now-restored official source and verify the file version, signature, and hash where possible.
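A triage check for the sideloading layout described above, added here as an example and not taken from CPUID or the researchers: it lists copies of CRYPTBASE.dll that sit outside the Windows system directories, together with the executables found in the same folder. The function names and the default system-directory list are assumptions; a hit is a lead for review, not a verdict.

```python
import os
from pathlib import Path

TARGET = "cryptbase.dll"  # DLL name reported in the incident, matched case-insensitively

def default_system_dirs():
    """Directories where a system copy of the DLL is expected (assumed list)."""
    root = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    return [root / "System32", root / "SysWOW64", root / "WinSxS"]

def _is_under(path, parents):
    """True if path equals or lies below any directory in parents."""
    p = os.path.normcase(os.path.abspath(path))
    for parent in parents:
        base = os.path.normcase(os.path.abspath(parent))
        if p == base or p.startswith(base + os.sep):
            return True
    return False

def find_sideload_candidates(scan_root, system_dirs=None):
    """Return (dll_path, [exe names in the same folder]) for every copy of
    TARGET found under scan_root but outside the system directories."""
    system_dirs = default_system_dirs() if system_dirs is None else system_dirs
    hits = []
    for folder, dirs, files in os.walk(scan_root):
        if _is_under(folder, system_dirs):
            dirs.clear()  # do not descend further into a system directory
            continue
        names = {f.lower(): f for f in files}
        if TARGET in names:
            # An executable beside the DLL is the layout used for sideloading.
            exes = sorted(f for f in files if f.lower().endswith(".exe"))
            hits.append((os.path.join(folder, names[TARGET]), exes))
    return hits

if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for dll, exes in find_sideload_candidates(start):
        print(f"{dll}  (executables alongside: {', '.join(exes) or 'none'})")
```

Run it against download, temp, and application install folders on a machine that fetched one of the listed tools during the affected window, then check the signature and hash of anything it reports.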
Why this matters
This is a reminder that software supply-chain attacks do not always require attackers to modify the original application binary itself. In this case, poisoning the download flow was enough to put users at risk.

