{"id":24179,"date":"2026-04-13T11:00:09","date_gmt":"2026-04-13T02:00:09","guid":{"rendered":"https:\/\/minnano-rakuraku.com\/contents\/?p=24179"},"modified":"2026-04-16T14:30:52","modified_gmt":"2026-04-16T05:30:52","slug":"cpuid_malware-en","status":"publish","type":"post","link":"https:\/\/minnano-rakuraku.com\/contents\/en\/cpuid_malware-en-24179\/","title":{"rendered":"CPU-Z &#038; HWMonitor Hacked via Supply Chain Attack (April 2026) \u2013 How to Check Your PC"},"content":{"rendered":"<p><strong>Key Takeaways<\/strong><\/p>\n<ul>\n<li><strong>The Incident:<\/strong> Between April 9 and 10, 2026, the official CPUID website was compromised in a supply chain attack, distributing malware-infected versions of CPU-Z and HWMonitor.<\/li>\n<li><strong>The Threat:<\/strong> The malware utilizes a DLL hijacking technique\u2014hiding as a fake cryptbase.dll file\u2014to evade standard antivirus detection and operate directly in your system&#8217;s memory.<\/li>\n<li><strong>The Goal:<\/strong> Attackers aim to steal sensitive authentication data, particularly login credentials and session tokens saved in browsers like Google Chrome.<\/li>\n<li><strong>Immediate Action:<\/strong> If you downloaded these tools during the affected 6-hour window, you must immediately check for suspicious files like &#8220;HWinfo_monitor_setup.exe,&#8221; run a full system scan, and change all passwords from a separate, secure device.<\/li>\n<\/ul>\n<h2>Are CPU-Z and HWMonitor Safe to Use?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/minnano-rakuraku.com\/contents\/wp-content\/uploads\/2026\/04\/cpuid_malware_site.jpg\" alt=\"CPUID Top Page Capture\" width=\"600\" height=\"265\" class=\"aligncenter\" \/><\/p>\n<p style=\"text-align: right;\">(Source: <a href=\"https:\/\/cpuid.com\/\" target=\"_blank\" rel=\"noopener\">CPUID<\/a>)<\/p>\n<p>Historically, <a href=\"https:\/\/cpuid.com\/softwares\/cpu-z.html\" target=\"_blank\" rel=\"noopener\">CPU-Z<\/a> and <a href=\"https:\/\/cpuid.com\/softwares\/hwmonitor.html\" target=\"_blank\" rel=\"noopener\">HWMonitor<\/a> have been entirely safe and trusted by tens of millions of PC builders, gamers, and IT administrators worldwide. 
However, <strong>if you downloaded or updated these tools between April 9 and April 10, 2026, your PC may be infected with a severe Trojan malware<\/strong>.<\/p>\n<p>Because the hackers infiltrated <a href=\"https:\/\/cpuid.com\/\" target=\"_blank\" rel=\"noopener\">the official CPUID<\/a> infrastructure, users who followed standard, safe downloading practices were unknowingly exposed to a highly sophisticated cyberattack.<\/p>\n<h2>How to Check If Your PC is Infected<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/minnano-rakuraku.com\/contents\/wp-content\/uploads\/2026\/04\/cpuid_malware_cpuz.jpg\" alt=\"CPU-Z\" width=\"400\" 
height=\"399\" class=\"aligncenter\" \/><\/p>\n<p>If you visited the official CPUID website (cpuid.com) during early April 2026, you must immediately verify your system&#8217;s integrity. Look for the following red flags:<\/p>\n<ul>\n<li><strong>Suspicious File Names:<\/strong> If you attempted to download HWMonitor but received a file named HWinfo_monitor_setup.exe, your download was intercepted. <em>(Note: &#8220;HWiNFO&#8221; is a legitimate, separate tool by a different developer; the attackers intentionally used a confusingly similar name to deceive users.)<\/em><\/li>\n<li><strong>Presence of cryptbase.dll:<\/strong> If you downloaded the portable ZIP versions of CPU-Z (such as version 2.19) or HWMonitor, extract the folder and check for a file named cryptbase.dll. While the main executable (.exe) file is authentic and digitally signed, having this fake DLL in the same folder automatically triggers the malware.<\/li>\n<li><strong>Unexpected Russian Language:<\/strong> CPUID is a French software company. 
If you launch the installer and the setup screen is in Russian, cancel it immediately\u2014it is a fake, malicious file.<\/li>\n<\/ul>\n<h3>Immediate Actions to Take If You Suspect Infection<\/h3>\n<p>This specific Trojan is designed to aggressively extract passwords from your system. If you notice any of the above symptoms, take these steps immediately:<\/p>\n<ol>\n<li><strong>Change Passwords from a Safe Device:<\/strong> Do not use the infected PC. 
Use your smartphone or a different computer to change the passwords for your Google accounts, social media, banking, and crypto wallets.<\/li>\n<li><strong>Enable Multi-Factor Authentication (MFA):<\/strong> Ensure two-factor authentication is active on all critical accounts to prevent unauthorized access.<\/li>\n<li><strong>Run a Full System Scan:<\/strong> Immediately run a deep, full system scan using Windows Defender or your preferred premium security software.<\/li>\n<li><strong>Perform a Clean Windows Install:<\/strong> Because this malware operates in-memory and leaves few traces on the hard drive, a standard antivirus scan may not completely remove it. For guaranteed safety, back up your essential data to an external drive and perform a clean installation of Windows.<\/li>\n<\/ol>\n<h2>How the CPUID Supply Chain Attack Happened<\/h2>\n<p>The attackers did not directly deface the main CPUID website. Instead, they executed a <strong>supply chain attack<\/strong> by compromising a secondary API that the site relies on.<\/p>\n<p>When users clicked the legitimate download button, the compromised API quietly redirected the download request to an attacker-controlled cloud storage environment hosted on Cloudflare R2.<\/p>\n<h3>The Threat of DLL Hijacking<\/h3>\n<p>According to analysis by security research groups like VX Underground, the payload is uniquely dangerous because it leaves almost no footprint on your local disk. It utilizes a technique called <strong>DLL Side-Loading (or DLL Hijacking)<\/strong>.<\/p>\n<p>Windows OS is designed to load files located in an application&#8217;s immediate folder before searching system folders. By placing a malicious file named cryptbase.dll (which shares the name of a legitimate Windows component) next to the real CPU-Z executable, the malware activates automatically when you run the software. It then establishes a connection with an external Command and Control (C2) server, granting attackers system-level privileges to decrypt and steal your saved browser passwords.<\/p>\n<h2>What Are CPU-Z and HWMonitor?<\/h2>\n<p>For context, CPU-Z and HWMonitor are essential freeware utilities developed by the French company CPUID. They have been industry standards for over 20 years.<\/p>\n<div style=\"width: 100% !important; overflow: scroll !important;\">\n<table>\n<tbody>\n<tr>\n<th><strong>Tool<\/strong><\/th>\n<th><strong>Core Functionality<\/strong><\/th>\n<th><strong>Target Audience<\/strong><\/th>\n<\/tr>\n<tr>\n<td><strong>CPU-Z<\/strong><\/td>\n<td>Instantly displays detailed hardware specifications (processor name, core count, motherboard model, RAM type).<\/td>\n<td>PC beginners, DIY PC builders, IT administrators, Sysadmins<\/td>\n<\/tr>\n<tr>\n<td><strong>HWMonitor<\/strong><\/td>\n<td>Real-time tracking of hardware health sensors (CPU\/GPU temperatures, voltages, power consumption, fan speeds).<\/td>\n<td>Casual gamers, PC overclockers<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2>How to Safely Download Freeware in the Future<\/h2>\n<p>The IT industry&#8217;s golden rule\u2014&#8221;It is safe if you download it from the official website&#8221;\u2014has been shattered by this incident. Freeware tools made by independent developers or mid-sized companies are increasingly becoming targets for supply chain attacks. 
In fact, the same hacker group is believed to be responsible for similar attacks on <a href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\"><strong>FileZilla<\/strong><\/a><strong> in March 2026<\/strong> and <a href=\"https:\/\/minnano-rakuraku.com\/contents\/en\/7-zip-en-23439\/\" target=\"_blank\" rel=\"noopener\"><strong>7-Zip<\/strong><\/a><strong> in February 2026<\/strong>.<\/p>\n<p>To protect yourself moving forward:<\/p>\n<ul>\n<li><strong>Verify File Names:<\/strong> Never run an installer if the file name looks slightly altered from what you expected.<\/li>\n<li><strong>Watch for Language and UI Anomalies:<\/strong> Cancel installations if a program unexpectedly defaults to a foreign language like Russian.<\/li>\n<li><strong>Trust Your Security Software:<\/strong> If Windows Defender flags a newly downloaded file, do not assume it is a &#8220;false positive.&#8221; Stop the installation immediately.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/cpuid.com\/\" target=\"_blank\" rel=\"noopener\">&gt; Click here for the official CPUID website<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Key Takeaways The Incident: Between April 9 and 10, 2026, the official CPUI...","protected":false},"author":10,"featured_media":24135,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[543],"tags":[785],"class_list":["post-24179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pc-en","tag-security-en"],"_links":{"self":[{"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/posts\/24179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/comments?post=24179"}],"version-history":[{"count":4,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/posts\/24179\/revisions"}],"predecessor-version":[{"id":24183,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/posts\/24179\/revisions\/24183"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/media\/24135"}],"wp:attachment":[{"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/media?parent=24179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\
/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/categories?post=24179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/minnano-rakuraku.com\/contents\/wp-json\/wp\/v2\/tags?post=24179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}