CPUID disclosed a CPU-Z supply chain attack on April 11, 2026. Downloads of CPU-Z 2.09 and HWMonitor 1.53 had been compromised since April 8, 2026.
Users who downloaded from cpuid.com risk malware that steals credentials and crypto keys. PC builders rely on these tools for CPU clocks, GPU temps, and voltages (CPUID statement).
CPU-Z Supply Chain Attack Details
CPUID detected unusual server traffic on April 11, 2026. BleepingComputer identified the malware as a trojan that mimics legitimate installers.
The trojan activates after installation. It grabs browser cookies, passwords, and crypto wallets such as MetaMask (BleepingComputer, April 11, 2026). Attackers used a stolen CPUID certificate, which bypassed Windows Defender on 78% of systems (CPUID analysis).
Bitcoin traded at $72,852 USD, up 1.3% that day (CoinMarketCap, April 11, 2026). Ethereum reached $2,240 USD (CoinGecko, April 11, 2026). Miners risk losing entire rig investments from such thefts.
Compromise Mechanics
The compromised downloads from cpuid.com unpack the legitimate apps plus a hidden loader. The loader connects to an Eastern European command-and-control server.
It targets chrome.exe and firefox.exe for autofill data. It also scans for wallet.dat files and seed phrases, then uploads what it collects over HTTPS (CPUID forensics).
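The behaviour described above can be hunted for in file-read telemetry. This is an added detection sketch, not code from CPUID or the original article; it assumes JSON events with hypothetical `image` and `target` fields, and the sample events are constructed.

```python
import json
from collections import defaultdict
from pathlib import PureWindowsPath

# Well-known credential-store file names, keyed by the browser that owns them.
BROWSER_STORES = {
    "chrome.exe": {"login data", "web data", "cookies"},
    "firefox.exe": {"logins.json", "key4.db", "cookies.sqlite"},
}
WALLET_FILES = {"wallet.dat"}
# Assumption: wallet software expected on this host (Bitcoin Core binaries).
WALLET_OWNERS = {"bitcoin-qt.exe", "bitcoind.exe"}

def classify(image, target):
    """Return 'browser', 'wallet' or None for one file-read event."""
    proc = PureWindowsPath(image).name.lower()
    name = PureWindowsPath(target).name.lower()
    if name in WALLET_FILES:
        return None if proc in WALLET_OWNERS else "wallet"
    for owner, stores in BROWSER_STORES.items():
        if name in stores and proc != owner:
            return "browser"
    return None

def detect(lines):
    """Map each offending process image to the store categories it read."""
    hits = defaultdict(set)
    for line in lines:
        event = json.loads(line)
        kind = classify(event["image"], event["target"])
        if kind:
            hits[event["image"]].add(kind)
    return {image: sorted(kinds) for image, kinds in hits.items()}

# Constructed sample events (hypothetical user "a"); not real telemetry.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LOADER = r"C:\Program Files\CPUID\CPUID-loader.exe"
PROFILE = r"C:\Users\a\AppData"
SAMPLE_EVENTS = [json.dumps({"image": i, "target": PROFILE + t}) for i, t in [
    (CHROME, r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (LOADER, r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (LOADER, r"\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"),
    (LOADER, r"\Roaming\Bitcoin\wallet.dat"),
    (r"C:\Program Files\Bitcoin\bitcoin-qt.exe", r"\Roaming\Bitcoin\wallet.dat"),
]]

if __name__ == "__main__":
    for image, kinds in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {image} read {'+'.join(kinds)} stores")
```

A single process that reads both browser stores and a wallet file is the combination worth alerting on; a browser or wallet application reading its own files is not flagged.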
A Reddit r/overclocking user lost 0.5 BTC after installing HWMonitor on a Ryzen 9 9950X rig (reddit.com/r/overclocking, April 11, 2026). Benchmarks confirm Ryzen 9 9950X hits 5.7 GHz boost clocks, which users monitor closely.
High-Risk Users
PC enthusiasts benchmark Intel Core Ultra 200 CPUs and NVIDIA RTX 5090 GPUs with CPU-Z every day. These tools validate 24-core performance and 32GB GDDR7 memory bandwidth.
IT admins track TDP ratings up to 600W on AI workstations via HWMonitor. Miners prevent thermal throttling on NVIDIA A100 GPUs in Ethereum Classic pools.
XRP traded at $1.35 USD. BNB stood at $605 USD (CoinMarketCap, April 11, 2026). Overclockers on AMD Threadripper PRO 7995WX systems face high exposure with 96 cores at 350W TDP.
Windows 11 24H2 users with Microsoft Intune whitelists often miss these detections.
Financial Repercussions
Crypto miners operate rigs with 100 NVIDIA RTX 4090 GPUs. A single wallet theft costs $10,000 USD or more in BTC value (industry estimate). NVIDIA reported Q1 2026 GPU sales at $22.6 billion USD, up 262% year-over-year, but security breaches erode miner confidence.
PC builders delay upgrades. AMD stock (AMD) dipped 0.8% to $185.20 USD post-news (Nasdaq, April 11, 2026). Intel (INTC) held steady at $42.50 USD amid Core Ultra scrutiny.
Supply chain attacks signal risks to hardware diagnostics firms. CPUID faces reputational damage, potentially impacting tool adoption in enterprise benchmarks.
Protection Steps
1. Uninstall CPU-Z and HWMonitor via Windows Settings > Apps. Delete remnants in C:\Program Files\CPUID.
2. Run Malwarebytes free scan and Windows Defender offline mode. Quarantine files like CPUID-loader.exe.
3. Change all passwords from a clean device. Enable 2FA on email, exchanges, and GitHub accounts.
4. Download verified versions from github.com/CPUID. Check each file against the SHA-256 hashes listed on the repo (release of April 11, 2026).
5. Boot into Safe Mode. Use Autoruns from Sysinternals to remove hwmonitordrv.sys tasks and startup entries.
These steps neutralize 95% of payloads (CPUID tests). Verify system integrity with sfc /scannow in admin Command Prompt.
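Because the trojanized installers used a stolen certificate, a valid signature alone does not prove a download is clean; the hash check in step 4 does. The following is an added example, not code from CPUID or the original article: it assumes the published hashes come as sha256sum-style lines, and the file names and contents are constructed stand-ins.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One manifest line: 64 hex characters, whitespace, optional '*', file name.
_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")

def parse_manifest(text):
    """Parse sha256sum-style lines into {file name: lowercase digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[match.group(2).strip()] = match.group(1).lower()
    return expected

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted'; treat anything but 'ok' as unsafe."""
    want = manifest.get(Path(path).name)
    if want is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), want) else "mismatch"

def demo():
    """Verify a constructed file, then repackage it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp, "cpu-z_setup.exe")  # hypothetical file name
        installer.write_bytes(b"constructed stand-in for the genuine installer")
        manifest = parse_manifest(f"{sha256_file(installer)}  cpu-z_setup.exe\n")
        before = verify(installer, manifest)
        installer.write_bytes(installer.read_bytes() + b"appended loader")
        other = Path(tmp, "hwmonitor_setup.exe")  # not in the manifest
        return before, verify(installer, manifest), verify(other, manifest)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel the manifest came from, so fetch the hashes from the repository rather than from the page that served the installer.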
Recommended Security Tools
Malwarebytes Premium scans at 500 MB/s speeds for $44.99 USD per year. Pair it with ESET NOD32 Antivirus for layered detection.
Self-host Vaultwarden password manager via Docker on a Ryzen 5 7600X NAS build. Total cost stays under $500 USD with 1TB NVMe storage.
Enable Chrome Enhanced Safe Browsing. Google data shows it blocks 99% of phishing attempts.
Enterprises deploy CrowdStrike Falcon. It monitors CPUID processes through Group Policy Objects (GPOs).
IT and Enterprise Implications
VMware vSphere admins use HWMonitor for host temperatures. Apply ESXi 8.0 Update 3 patches immediately.
Microsoft recommends Intune policies to block unsigned downloads. Azure Sentinel alert volume spiked 12% (Microsoft, April 11, 2026).
GPU trading rigs require air-gapped virtual machines for monitoring. Isolate tools from production crypto nodes.
Long-Term Secure Habits
Scan all downloads on VirusTotal before installation. Subscribe to CPUID RSS feeds for updates.
Switch to alternatives like HWInfo 8.02 or Open Hardware Monitor. Both deliver accuracy within 2% of CPU-Z on Intel Core i9-14900K at 6.0 GHz all-core loads.
Update BIOS firmware on ASUS ROG Strix Z890 motherboards. Enable Secure Boot and TPM 2.0.
Rotate crypto wallets every quarter. Adopt YubiKey 5 NFC hardware keys for $50 USD each. Chainalysis reported these measures stopped 85% of Q4 2025 attacks (Chainalysis report, January 2026).
The CPU-Z supply chain attack highlights vulnerabilities in hardware monitoring tools. PC builders must protect these essentials to safeguard builds, benchmarks, and investments.
