CPUID Site Hijacked To Serve Malware Instead of HWMonitor Downloads
Source: Slashdot
Incident Overview
Attackers briefly hijacked part of CPUID's backend and swapped the legitimate download links on its site for malware-laced ones. The issue affected tools such as HWMonitor and CPU-Z, with users on Reddit and other platforms noticing that installers triggered antivirus alerts or arrived under unusual filenames.
Details of the Breach
- CPUID confirmed the breach, attributing it to a compromised backend component rather than any tampering with its software builds.
- According to a post on X by one of the site’s owners, a secondary feature (essentially a side API) was compromised for approximately six hours, from April 9 to April 10. During this window the main website randomly displayed malicious download links.
- The signed original files themselves remained untouched, indicating that the build process was not breached; the compromise occurred in the layer that served the downloads.
“Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised),” – CPUID owner, X post.
Impact on Users
Anyone who visited the site during the affected window and clicked a swapped link would have received the malicious payload instead of the genuine installer, whether or not they noticed the altered filename.
Response and Mitigation
- CPUID identified the breach, removed the malicious links, and fixed the compromised backend component.
- The organization emphasized that the original, properly signed files were not altered.
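The practical takeaway from the two points above is that the build artifacts stayed intact while the layer that hands them out did not, so a file fetched during the window would either carry no Authenticode signature or a signature from someone other than the real publisher. The following PowerShell function is an added example, not code from CPUID, The Register or Slashdot; it checks a downloaded installer's signature status and signer subject and records its SHA-256. The function name and the `$ExpectedSubjectPattern` placeholder are assumptions; the pattern must be taken from the signer shown on a known-good copy of the installer, since a signature that merely validates is not enough on its own.

```powershell
# Added example (not from the coverage or from CPUID): verify a downloaded installer
# before running it. A file swapped at the download-serving layer will fail here
# either on signature status (NotSigned / HashMismatch) or on the signer subject.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Regex matched against the signing certificate's Subject. Placeholder below;
        # take the real value from a known-good copy of the installer.
        [Parameter(Mandatory)] [string] $ExpectedSubjectPattern
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = 'file not found' }
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the signature chains to a trusted root and the file bytes still
    # match what was signed. Anything else (NotSigned, HashMismatch, NotTrusted) fails.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "signature status: $($sig.Status)" }
    }

    # Malware can carry a valid signature from some other certificate, so the signer
    # itself has to match the publisher you expect, independent of the filename.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch $ExpectedSubjectPattern) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = "unexpected signer: $subject" }
    }

    # Record the hash so the file can be compared against a published checksum later.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return [pscustomobject]@{ Path = $Path; Ok = $true; Reason = 'valid'; Signer = $subject; Sha256 = $hash }
}

# Usage: check every installer sitting in the Downloads folder.
# 'CN=<EXPECTED PUBLISHER>' is a placeholder; replace it with the real signer subject.
Get-ChildItem "$env:USERPROFILE\Downloads" -Include *.exe, *.msi -Recurse |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName -ExpectedSubjectPattern 'CN=<EXPECTED PUBLISHER>' } |
    Format-Table Path, Ok, Reason -AutoSize
```

The check deliberately ignores the filename: the unusual names users reported were a symptom, not something to rely on, and the same function flags a correctly named file whose contents were swapped. Run it before executing anything fetched during the window, and keep the `Sha256` column for comparison once the vendor publishes checksums for the genuine releases.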
References
- Original report: The Register
- Further reading: Slashdot article