CPU-Z and HWMonitor Downloads Targeted in Website Hijack

May 19, 2026 | Antivirus, Chrome, CPU-Z, CPUID, CRYPTBASE.dll, DLL sideloading, downloads, HWMonitor, Russia

A number of trusted PC tools were briefly used to spread malware after a website was hijacked and its downloads manipulated.

CPU-Z and HWMonitor are popular free tools from CPUID. CPU-Z provides you with detailed specs of your PC’s processor, motherboard, and memory, while HWMonitor tracks real-time temperatures, voltages, and fan speeds. They’re incredibly useful tools and give you early alerts if your PC is starting to struggle. Unfortunately, due to a website hijack, users were unwittingly downloading malware instead of the genuine apps. So, instead of protecting PCs from technical failures, these downloads were opening them up to a world of trouble.

Luckily, Ophtek has the inside scoop on the story and can show you how to protect your PCs from this and similar attacks.

When Downloads are Hijacked

The attack was short-lived but had the potential to be highly damaging to both CPUID and its users. It ran for six hours, between April 9 and April 10, 2026. By compromising a secondary system on CPUID’s website, the hackers were able to access the service which handles download links. Rather than replacing the official files with malicious ones, the attackers changed the download process itself.

Visitors to the site may have thought they were clicking normal, official download buttons, but these were far from genuine. Instead, the buttons served up malicious installers with similar-looking file names, such as HWiNFO_Monitor_Setup.exe. Reports have also mentioned that the installer, in some cases, appeared in Russian. Within these malicious files, there was often a fake CRYPTBASE.dll file, which allowed the malware to run quietly in the background thanks to DLL sideloading. This is a technique in which a legitimate program loads a malicious library placed alongside it instead of the genuine Windows file of the same name.

Once active, the malware was designed to work through a number of stages. Running mostly in the PC’s memory to help avoid detection, the malware set about harvesting passwords and details stored in browsers, with an emphasis on Chrome. Fortunately, users and security researchers noticed this threat early on, helped by antivirus software flagging unusual installation behavior.

CPUID were able to move quickly and the download delivery system was swiftly fixed and declared safe. CPUID also confirmed that their official software had not been altered and any existing versions, which were correctly signed, were safe. However, the attack stands as an important reminder that supply chains are increasingly being targeted by cybercriminals.

How Do You Stay Safe from Hijacked Downloads?

As PC users, we’re generally safe when we’re online. If we see something suspicious, it rings alarm bells and we question it. But when it’s a trusted website, such as CPUID, we tend to be more comfortable. Nonetheless, this trusting behavior can be dangerous as this is what hackers are looking to exploit. To stay safe, make sure you follow Ophtek’s best advice:

  • Keep Your Antivirus Tools Up to Date: The latest threats should always be picked up by updated security software. This means that any suspicious installer activity can be detected and blocked before it takes control of your PC. 
  • Monitor Unusual Activity: If an installer starts to act suspiciously, such as running in a different language or presenting unusual prompts, stop the installation immediately and investigate with an IT professional.
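
The article notes that CPUID’s correctly signed builds were safe and that the malicious packages often carried a fake CRYPTBASE.dll. The PowerShell check below is an added example (not from CPUID or the original post) that verifies a downloaded installer’s Authenticode signature and flags any DLL beside it that shares a name with a Windows system DLL; the function name, file path and publisher string are placeholders.

```powershell
# Added example: pre-run check for a downloaded installer or extracted download folder.
# Assumption: -ExpectedSubject is a placeholder. Take the real signer name from a
# copy of the tool you already trust (file Properties > Digital Signatures).
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSubject
    )

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # 1. The installer must carry a valid signature from the expected publisher.
    #    An unsigned file has no SignerCertificate, so the match is simply false.
    $signedOk = ($sig.Status -eq 'Valid') -and
                ($sig.SignerCertificate.Subject -like "*$ExpectedSubject*")

    # 2. A DLL sitting next to the installer that has the same name as a DLL in
    #    System32 (for example CRYPTBASE.dll) is a sideloading candidate.
    $system32  = Join-Path $env:SystemRoot 'System32'
    $shadowing = Get-ChildItem -LiteralPath $file.DirectoryName -Filter '*.dll' -File |
        Where-Object { Test-Path -LiteralPath (Join-Path $system32 $_.Name) } |
        ForEach-Object {
            $dllSig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name   = $_.Name
                Status = $dllSig.Status
                Signer = $dllSig.SignerCertificate.Subject
            }
        }

    [pscustomobject]@{
        Installer       = $file.Name
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SignerMatches   = $signedOk
        ShadowingDlls   = @($shadowing)
        SafeToRun       = $signedOk -and -not $shadowing
    }
}

# Usage (path and publisher are placeholders):
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\tool\setup.exe" -ExpectedSubject '<publisher name>'
```

Run it against the installer after extracting any archive into its own empty folder, so that unrelated DLLs already in the Downloads folder are not flagged.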

For more ways to secure and optimize your business technology, contact your local IT professionals.