PSA: Do NOT download or update CPUID HWMonitor v1.63 for the moment (malware reported)

Just sharing this PSA because a lot of us building / maintaining PCs for flight sim use popular hardware monitoring software.

It appears from reporting today by various outlets including Igor’s Lab and others on Youtube, that the official download for HWMonitor v1.63 on the CPUID web page includes embeded malware.

It appears this is recent (today), and previous versions are fine, but I haven’t investigated myself. I suspect that it’s not the software that is infected, but the website, which seems to redirect the download link to another set of files. I’m sure we will learn more from hardware news outlets in the coming days.

Note, this is not to be confused with “HWInfo” or HWInfo64", which is a completely different developer.

Edit - it appears CPU-Z may also be affected. Stay tuned.

Yes, luckily I am back on 1.60 and am not religious about updating… the YouTube video is chilling….

On CPU-Z I did not find much but is saw I have the ASUS branded version so I hope they did due diligence on it.

Thanks for the PSA.

CPUID confirmed their website had been hijacked, so that links to download CPU-Z and HWMonitor were redirected to download malware, as reported by Videocardz.com

Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised). The breach was found and has since been fixed. Sorry for the inconvenience. I did my best to fix that mess as soon as possible :-/
Sam.

Yikes! YIKES!

My take is that if you were not so unlucky as to update during the small window when the site was hijacked, you are probably OK. But this is just a sign of the times. If you really want to get scared, follow the podcast Security Now…. multiple events like this every week….

Anyone know what kind of malware it actually was? And would it have been caught by Windows Defender (or Windows Security or whatever irs called now)?

Unreal. Thank you.

I’m pretty sure it’s fine now - the news reporting quoted the developer (quoted in my post above) that they had found and fixed the hijacked code on their website.

Edit - It appears to have been pretty clever and potentially very bad. Instead of downloading malware (which antivirus would likely detect) it downloads code in the form of a file that would then be compiled ON your computer, do series of checks to see if it was detected, then reach out to a server, and likely end up with remote control of your PC. Yikes indeed.

As a general protective rule for myself, whenever I see an update is available for anything, I try to reasearch what others are reporting about it before I proceed. Not just for malware, but because lately “updates” often break things with bad, lazy, AI vibe coding now that so many of the dedicated professional human coders have been layed off industry wide.

Yeah, if you follow the podcast I mentioned above every week there are new vulnerabilities often linked to updates of software that involved their recompilation using new public libraries that are say on Github. These secondary libraries may be updated without the primary programmer knowing a thing and the updates may be the problem. This is not what happened in the current case but just a pause for thought before you update software. Even companies like the US military, Microsoft and Cisco are vulnerable since they are using OpenSource libraries. AI programming assistance makes these updates even more uncontrolled and distant.

Just an update on this event. It is being reported that CPUID downloads and updates were compromised from April 3 to April 10, 2026 - which is a longer time period than I assumed.

So if anyone downloaded or updated CPUID CPU-Z or HWMonitor software between those dates, you might want to consider a complete backup and wipe of your system…