Red Alert: CPU-Z and HWMonitor, Malicious Installers Reported from Official Downloads

Two of the most popular utilities for hardware monitoring, CPU-Z and HWMonitor, are at the center of reports regarding possible compromises of the files distributed through official channels. Several users have reported that antivirus software identifies the downloaded installers as malicious, raising doubts about the safety of the sources.

The first evidence arose on forums and social media, particularly on Reddit, where some users noticed anomalies during the download of updates. In a documented case, the obtained file had an unexpected name compared to the standard naming convention of the software, suggesting a potential alteration of the distributed package.

Once executed, the file was flagged by Microsoft Defender as potentially harmful. Subsequent analyses conducted through VirusTotal revealed a high detection rate: over 30 antivirus engines out of about 70 classified the executable as malicious, associating it with various types of threats, including multi-stage trojans.

Further checks by independent security groups, such as vx-underground, indicate that this is not a false positive, but rather a real attack related to the compromise of part of the web infrastructure used for file distribution. According to these analyses, the malware was conveyed through a secondary pathway of the official domain.

The developer of CPU-Z and HWMonitor, Samuel Demeulemeester, has confirmed that internal investigations are underway. Initial checks suggest that the main application binaries have not been altered, while the compromise may have affected accessory components or APIs linked to the website, for a limited time frame of about six hours.

The situation remains evolving: while waiting for definitive clarifications, it is advisable to avoid downloading or updating these utilities and to pay attention to any alerts from antivirus software.