CPU-Z and HWMonitor official download links hijacked, malware included

The official website for CPUID was hijacked between April 9 and April 10, 2026, causing users to download malware-infected versions of the popular HWMonitor and CPU-Z software tools.

Key Points

  • Attackers exploited a vulnerability in the CPUID API to redirect official download links to malicious installers.
  • The infected files contained a fake CRYPTBASE.DLL component designed to steal browser-stored passwords, particularly from Google Chrome.
  • The malware utilized fileless techniques, such as PowerShell commands in RAM, to evade traditional security detection methods.
  • CPUID resolved the security breach within six hours of the initial site hijacking.
  • Users who installed or updated these programs during the two-day window are advised to perform an immediate antivirus scan.
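
To supplement the antivirus scan advised above, the following added example (not code from CPUID or from the original article) lists every CRYPTBASE.DLL found outside the Windows system directories, with its SHA-256 and the executables stored beside it. The function name `find_stray_copies`, the search roots, and the assumption that the genuine copy lives only under System32, SysWOW64 and WinSxS are choices made for this example.

```python
import hashlib
import os

TARGET = "cryptbase.dll"  # file name reported in the article
WINDIR = os.environ.get("SystemRoot", r"C:\Windows")
# Assumed locations of the genuine Windows copy (WinSxS is the component store).
SYSTEM_DIRS = [os.path.join(WINDIR, d) for d in ("System32", "SysWOW64", "WinSxS")]


def _inside(path, parents):
    """Case-insensitive 'path is at or below one of parents'."""
    p = os.path.abspath(path).lower()
    bases = (os.path.abspath(b).lower() for b in parents)
    return any(p == b or p.startswith(b + os.sep) for b in bases)


def _sha256(path):
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
    except OSError:
        return None  # locked or unreadable: still report the path
    return h.hexdigest()


def find_stray_copies(roots, system_dirs=SYSTEM_DIRS):
    """One record per cryptbase.dll found outside system_dirs."""
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            if _inside(dirpath, system_dirs):
                dirnames[:] = []  # trusted location: do not descend
                continue
            for name in filenames:
                if name.lower() == TARGET:
                    full = os.path.join(dirpath, name)
                    # Executables in the same folder search it first for DLLs.
                    exes = sorted(f for f in filenames if f.lower().endswith(".exe"))
                    hits.append({"path": full, "sha256": _sha256(full), "exes": exes})
    return hits


if __name__ == "__main__":
    # Assumed search roots: install and per-user directories, where present.
    names = ("ProgramFiles", "ProgramFiles(x86)", "LOCALAPPDATA", "TEMP")
    for hit in find_stray_copies([os.environ[n] for n in names if n in os.environ]):
        print(hit["path"], hit["sha256"], hit["exes"])
```

A hit is a lead for triage rather than proof of infection; check the reported hash and the file's signature before acting on it.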

Why it Matters

This incident highlights that even trusted developer websites can be compromised, rendering traditional safety advice insufficient against sophisticated supply chain attacks. It serves as a critical reminder for users to heed antivirus warnings, as ignoring these alerts was the primary factor that allowed the malware to successfully execute on victim machines.
Afterdawn.com Published by Petteri Pyyny