'This is not your typical run-of-the-mill malware': CPUID download page hacked and tools replaced with links to malicious files
Links to multiple CPUID tools hijacked
By Sead Fadilpašić · TechRadar News · published 13 April 2026
- CPUID.com briefly compromised to serve malware
- Tainted downloads used DLL sideloading with CRYPTBASE.dll
- Sophisticated Trojan deployed, flagged by 20 AV engines
CPUID.com, a popular website for PC diagnostics tools, has confirmed it was compromised and used to serve malware.
"Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," the project’s maintainers told BleepingComputer. "The breach was found and has since been fixed."
In other words, the software hosted on CPUID was not poisoned - the site was merely serving different download links. Still, victims might think they’re downloading legitimate software.
Not your typical malware
Researchers from Kaspersky found that the download links for the following software were tainted:
- CPU-Z (version 2.19)
- HWMonitor Pro (version 1.57)
- HWMonitor (version 1.63)
- PerfMonitor (version 2.04)
The modified variants included a legitimate, signed executable and a malicious DLL named 'CRYPTBASE.dll', used for DLL sideloading.
"The malicious DLL is responsible for C2 [command and control] connection and further payload execution. Prior to this, it also performs a set of anti-sandbox checks and, if all the checks have passed, it connects to the C2 server," Kaspersky said.
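A triage check for the layout described above, as an added example that is not code from the article, Kaspersky or CPUID: it walks an extracted download or install folder and reports any CRYPTBASE.dll sitting beside an executable outside the Windows directory, where the genuine system copy lives. The function names and the `SystemRoot`-based trusted path are assumptions of this example.

```python
import hashlib
import os
from pathlib import Path

SIDELOAD_NAME = "cryptbase.dll"  # DLL name reported in the article


def default_trusted_dirs():
    """Assumption: the genuine copy lives under %SystemRoot% (Windows only)."""
    system_root = os.environ.get("SystemRoot")
    return [Path(system_root).resolve()] if system_root else []


def sha256_of(path):
    """Hash in chunks so the file is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sideload_candidates(root, trusted=None):
    """List each CRYPTBASE.dll that shares a folder with an .exe under
    `root`, skipping folders inside the trusted (system) directories."""
    trusted = (default_trusted_dirs() if trusted is None
               else [Path(t).resolve() for t in trusted])
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        folder = Path(dirpath).resolve()
        if any(t == folder or t in folder.parents for t in trusted):
            continue  # expected location of the operating system's own copy
        by_lower = {name.lower(): name for name in filenames}
        if SIDELOAD_NAME not in by_lower:
            continue
        exes = sorted(n for n in filenames if n.lower().endswith(".exe"))
        if not exes:
            continue  # no executable in this folder to load the DLL from
        dll = folder / by_lower[SIDELOAD_NAME]
        findings.append({"dll": str(dll), "sha256": sha256_of(dll),
                         "executables": exes})
    return findings


if __name__ == "__main__":
    import sys
    for hit in find_sideload_candidates(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit["dll"], hit["sha256"], ", ".join(hit["executables"]))
```

Each hit gives the DLL path, its SHA-256 and the executables in the same folder, which is the information needed to compare against published indicators and the vendor's original package.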