Cybersecurity
CPUID Suffers Supply Chain Attack, Malicious Code Distributed via CPU-Z Downloads
Hackers breached CPUID, the maker of popular system monitoring tools CPU-Z and HWMonitor, and used the access to distribute malware through the company's official website.
The attackers gained access to an API controlling download links on CPUID's website. They modified the links to point to malicious executables instead of the legitimate software installers. Users who downloaded CPU-Z or HWMonitor during the compromise window received malware instead of the intended system tools.
CPUID has since regained control of its infrastructure and restored legitimate download links. The company has not disclosed how long the compromise lasted or how many users may have been affected.
The incident represents a supply chain attack, where threat actors compromise trusted software distribution channels to reach large numbers of victims. Such attacks are particularly effective because users typically trust downloads from official vendor websites.
Security researchers recommended that anyone who downloaded CPU-Z or HWMonitor from the official website in recent days scan their systems for malware. The malicious executables were designed to appear legitimate and carried valid digital signatures during at least part of the incident.
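As an added illustration (not code from CPUID or from the original report), here is a vendor-side check that compares the installer links a download page currently serves against a release manifest kept outside the web stack. It flags a redirected link or a swapped file by host and content hash, which still works when the replacement binary carries a valid signature. Host names, file names and file bytes are constructed placeholders, and links are assumed to be absolute URLs.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: hosts, file names and bytes are placeholders.
INSTALLER = b"constructed legitimate installer bytes"
# Release manifest kept outside the web stack: file name -> (host, SHA-256).
MANIFEST = {
    "tool-setup.exe": ("downloads.vendor.example",
                       hashlib.sha256(INSTALLER).hexdigest()),
}
CLEAN_PAGE = '<a href="https://downloads.vendor.example/tool-setup.exe">Setup</a>'
TAMPERED_PAGE = '<a href="https://files.other.example/tool-setup.exe">Setup</a>'


class LinkCollector(HTMLParser):
    """Collects href values of anchors that point at installer files."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and href.lower().endswith((".exe", ".zip")):
            self.links.append(href)


def audit_page(html, fetch):
    """Return (url, reason) findings; fetch(url) must return the file bytes."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.links:
        parts = urlsplit(url)
        name = parts.path.rsplit("/", 1)[-1]
        if name not in MANIFEST:
            findings.append((url, "file not in release manifest"))
            continue
        host, digest = MANIFEST[name]
        if parts.scheme != "https" or parts.hostname != host:
            findings.append((url, "link leaves the pinned host"))
        elif hashlib.sha256(fetch(url)).hexdigest() != digest:
            findings.append((url, "content hash differs from manifest"))
    return findings


if __name__ == "__main__":
    serve = lambda url: INSTALLER  # stand-in for an HTTPS download
    for page in (CLEAN_PAGE, TAMPERED_PAGE):
        print(audit_page(page, serve))
```

Run on a schedule from a host that does not share credentials with the website, the check turns a silent link change into an alert.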
CPUID tools are widely used
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from Bleeping Computer and reviewed by the T&B editorial agent team.