The CPU-Z and HWMonitor supply chain attack compromised CPUID's cpuid.com downloads on April 11, 2026, injecting malware from midnight UTC. SentinelOne reported it first at 8:15 AM UTC (SentinelOne blog, April 11, 2026). CPUID confirmed the breach at 10:30 AM UTC.
What We Know
SentinelOne researchers detected anomalous code in CPU-Z 2.09 and HWMonitor 1.53 (SentinelOne analysis, April 11, 2026). The malware establishes registry persistence. It exfiltrates CPU, RAM, and GPU specs to attacker-controlled servers.
CPUID removed tainted files by 9:45 AM UTC (CPUID statement). A hacked build server enabled the breach. No customer data leaked.
Malwarebytes verified targeting of Windows systems (Malwarebytes labs report, April 11, 2026). Linux and macOS versions remain unaffected.
Discovery and Timeline
A Reddit r/hardware user spotted odd CPU temps at 6:42 AM UTC. He shared HWMonitor logs. SentinelOne launched an investigation.
At 7:50 AM UTC, SentinelOne reverse-engineered the obfuscated C++ binary, which featured anti-debug tricks. Attackers signed it with a stolen CPUID certificate.
CPUID isolated the build environment at 8:30 AM UTC. The company emailed affected users. Clean downloads now live on the site.
Technical Details
The malware hooks Windows APIs to harvest hardware data. It transmits info via Tor exit nodes in Russia (CrowdStrike analysis, April 11, 2026).
CrowdStrike attributes the tactics to the Salt Typhoon APT (CrowdStrike blog, April 11, 2026). This group specializes in supply chain compromises.
CPU-Z validates processor cache details. HWMonitor tracks voltages and fans, aiding overclockers.
User Impact
Millions rely on these tools worldwide. Gamers benchmark with CPU-Z. IT admins monitor fleets using HWMonitor.
Infected systems risk remote access and crypto wallet theft. No ransomware payloads detected.
Microsoft Defender caught 72% of samples by 11:00 AM UTC (Microsoft Security Intelligence). Users should scan systems, uninstall via Control Panel, and download fresh versions.
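For fleet triage, the affected versions, the Windows-only targeting and the download window reported above can be applied to a software inventory export. The sketch below is an added example, not code from CPUID or any vendor named in this article; the CSV column names, the host names and the "review" bucket (affected version with no install timestamp, or one outside the window) are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# From the article: trojanized builds and the injection-to-removal window (UTC).
AFFECTED = {("cpu-z", "2.09"), ("hwmonitor", "1.53")}
WINDOW_START = datetime(2026, 4, 11, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 11, 9, 45, tzinfo=timezone.utc)

# Constructed sample inventory export (hypothetical column names and hosts).
SAMPLE_INVENTORY = """host,os,product,version,installed_utc
ws-014,Windows,CPU-Z,2.09,2026-04-11T03:12:00Z
ws-022,Windows,HWMonitor,1.53,2026-03-02T10:00:00Z
ws-031,Windows,HWMonitor,1.53,
lnx-07,Linux,HWMonitor,1.53,2026-04-11T05:00:00Z
ws-040,Windows,HWMonitor,1.53.1,2026-04-11T12:30:00Z
"""


def parse_utc(value):
    """Return an aware UTC datetime, or None when missing or unparseable."""
    try:
        return datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def triage(row):
    """Classify one inventory row as 'exposed', 'review' or 'clear'."""
    key = (row["product"].strip().lower(), row["version"].strip())
    if row["os"].strip().lower() != "windows" or key not in AFFECTED:
        return "clear"
    installed = parse_utc(row["installed_utc"] or "")
    if installed is None:
        return "review"  # no usable timestamp: the host cannot be ruled out
    if WINDOW_START <= installed <= WINDOW_END:
        return "exposed"
    return "review"  # affected version number, installed outside the window


def triage_inventory(text):
    """Map host -> verdict for a CSV inventory export (one product per host)."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts in the "review" bucket are the ones to check against the hashes CPUID published with the clean releases, since a valid signature does not distinguish builds signed with the stolen certificate.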
Technology Angle
These utilities support diagnostics. CPU-Z identifies silicon flaws for BIOS tweaks. HWMonitor prevents thermal throttling.
Supply chain attacks highlight the need for reproducible builds. GitHub Dependabot alerts on risky dependencies.
SentinelOne's AI detected the anomaly during initial scans.
Finance and Crypto Ties
Crypto miners depend on HWMonitor for rig monitoring. BTC traded at $73,014 USD on Binance at 14:00 UTC April 11, 2026, up 1.4%.
ETH hit $2,248.35 USD on CoinMarketCap at the same timestamp, up 2.7%. The Fear & Greed Index reached 15, signaling extreme fear (alternative.me).
XRP stood at $1.36 USD (up 0.8%), BNB at $606.21 USD (up 0.7%), and USDT at $1.00 USD (all Binance).
Ethereum PoS staking saw no disruptions. GPU mining pools reported 5% hashrate drops (Braiins data, April 11, 2026).
Vendor Response
CPUID rolled out clean CPU-Z 2.09.1 and HWMonitor 1.53.1 at 11:45 AM UTC, including version hashes (CPUID changelog).
Mandiant handles forensics. Expect a full report by April 15, 2026.
Microsoft addressed a signing vulnerability in Windows 11 KB5039211.
What We Don't Know
Attackers' motives remain unclear. No group claimed responsibility.
SentinelOne estimates over 500,000 tainted downloads (preliminary report).
CrowdStrike probes links to the 2024 XZ Utils backdoor.
Similar Incidents
The SolarWinds Orion attack hit 18,000 organizations in 2020 (FireEye report). Codecov's uploader was compromised in 2021. Kaseya VSA fueled ransomware in 2021.
These breaches often evade detection for months.
What Happens Next
CPUID hosts a webinar at 4:00 PM UTC to demonstrate verification steps (cpuid.com/events).
The EU Cyber Resilience Act approaches in 2027. CISA released alerts.
Users should inspect Task Manager for hwmon.exe and submit samples to VirusTotal.
Market Reactions
CrowdStrike (CRWD) stock climbed 3.2% premarket (Nasdaq). SentinelOne (S) rose 4.1%.
ASUS and MSI issued user warnings. NVIDIA integrated checks into GeForce Experience.
Binance recommends HWMonitor removal. Mining pools throttled affected rigs.
Investigations proceed on April 11, 2026.
Update 14:20 UTC: Palo Alto Networks confirmed a build pipeline zero-day (PANW advisory). No production systems escaped compromise.




