CPUID's download page has been hacked, with its popular processor and PC info tools replaced with links to files containing malware

There are lots of great software tools out there that can tell you all kinds of things about your gaming PC, and perhaps two of the most well-known by enthusiasts are CPU-Z and HWMonitor. However, two sharp-eyed Redditors spotted that while everything seems all normal on the official download page, the links will give you files that are anything but official.

Reddit users DMkiIIer and OthoAi5657 posted their discovery just a few hours ago, and the findings have been confirmed by vx-underground on X.

WARNING! HWMonitor 1.63 Download on the official "cpuid" page is a Virus!!! from r/pcmasterrace

In short, what look like normal download links for CPU-Z and HWMonitor, producing seemingly correct files, appear to result in your getting a file with an altered name, Russian setup language, and a different wrapper for the installation screen.

Oh, and an immediate warning from anti-virus software.

Adding to the confusion is that, instead of getting something like 'hwmonitor_1.63.exe' as your download, the file is labelled 'HWiNFO_Monitor_Setup.exe'. This has led some people to report on social media that HWInfo has been affected by malware, but this is absolutely not the case.

While I haven't used HWMonitor in a long time, I do fire up CPU-Z quite often when I'm hardware testing. For example, if I want to check what BIOS version a motherboard sample is sporting, CPU-Z can tell me that within a matter of seconds. Admittedly, so can HWInfo, it's just that the program takes longer to get going than CPU-Z does.

Worryingly, this is no simple hijack of CPUID, either. According to vx-underground, "This is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain, performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly."

"This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy."

Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now.As I began poking this with I stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs… https://t.co/ubkXmG7LKV pic.twitter.com/jPlAMmpijNApril 10, 2026

The hack vx-underground is referring to was subtle but also very devious, though it's certainly not the only instance of FileZilla (an FTP client) being the target for malware. As to who's behind all of this, that's not certain at all, but if it is indeed the same group that targeted CPUID and FileZilla, then other popular PC software tools could well be next.

Your best defence in all of this is to use a good anti-virus/malware package, keep it regularly updated, and make sure you scan any programs or compressed files that you download. In the case of common software tools, you can also try downloading several copies, from different sources, and comparing the file names, sizes, and digital signatures. If they're all legitimate, they will be identical in every respect.