Overview
- CPUID’s official CPU-Z and HWMonitor download pages briefly served malicious installers Friday after attackers altered the site’s links.
- Reddit users DMkiIIer and OthoAi5657 first spotted odd filenames and a Russian-language setup screen, neither of which matched the expected installers.
- Windows Defender and other scanners flagged the downloads, and security group vx-underground said the payload runs mostly in memory and uses tactics to bypass EDR and antivirus tools.
- The download links now appear to be back to normal, and CPUID has not issued a public statement, though the developer said a side API was likely compromised for about six hours.
- Users should check downloads against the expected filenames and digital signatures and run updated scans. Researchers noted overlaps with a March FileZilla download-site attack.