CPUID Download Links Hijacked: Beware of Infostealer Malware

In a concerning turn of events for the PC enthusiast community, the official download page for CPUID—the creators of the legendary CPU-Z and HWMonitor utilities—has been compromised. It appears that attackers managed to hijack the download links on the site, replacing the legitimate software installers with malicious files designed to steal sensitive user data.

This isn't your run-of-the-mill malware campaign. By targeting a platform that is deeply trusted by tech-savvy users and system builders, the attackers are able to bypass the usual skepticism people have when downloading executable files from the internet. If you have recently downloaded or updated any CPUID tools, you might want to double-check your system immediately.

The malicious files being distributed are identified as "infostealers." These types of programs are designed to quietly comb through your computer to find browser passwords, session cookies, cryptocurrency wallet details, and even Discord or Telegram tokens. Once the data is gathered, it is sent back to the attackers' server, often leading to identity theft or financial loss.

Security researchers noted that the hijacked links often pointed to external hosting services rather than CPUID's own servers. While the website itself might look normal, the underlying URLs for the "Setup" or "Zip" files were modified. It is a stark reminder that even the most established tools in the industry can become vectors for attack if their distribution infrastructure is compromised.

For our readers who frequently use these tools, we recommend checking the digital signatures of any recently downloaded CPUID files. If the signature is missing or doesn't match the official developer, delete the file and run a full system scan with a reputable antivirus. For now, it might be best to hold off on new downloads until CPUID confirms that their infrastructure is fully secured and the malicious links have been purged.