Official Download, Malicious File: The CPUID/CPU-Z Incident Explained

Responsible IT or security guys always recommend downloading any software or package from the official website or source. But what happens when that official website or source is compromised? Yes, that happened with CPUID.

In April 2026, CPUID’s official website briefly served malicious files instead of legitimate downloads for tools such as CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor. According to CPUID, the company’s signed original files were not compromised. Instead, a “secondary feature” or side API was breached, causing the website to randomly display malicious download links for around six hours.

That detail is important because it changes how we think about trust. The attackers did not need to alter the real software itself. They only needed to compromise the delivery path. So a user could visit the real CPUID website, click a normal-looking download button, and still end up with malware.

Kaspersky was among the researchers that analyzed the attack. According to Kaspersky, the malicious packages included a legitimate signed executable and a malicious CRYPTBASE.dll file, which was used for DLL sideloading. Kaspersky also reported more than 150 victims in its telemetry and linked the final-stage malware to STX RAT.
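
A defender-side check for the sideloading pattern described above, as an added example that is not part of the original article or any vendor's tooling: it walks an unpacked download and flags any DLL that sits beside an executable while sharing a name with a Windows system DLL. The function names, the sample DLL list (other than CRYPTBASE.dll) and the constructed folder layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: a short sample of DLL names that ship in Windows System32.
SAMPLE_SYSTEM_DLLS = {"cryptbase.dll", "version.dll", "dwmapi.dll", "winhttp.dll"}


def system_dll_names(system32=r"C:\Windows\System32"):
    """Lowercase DLL names found in System32; the sample set if it is absent."""
    root = Path(system32)
    if root.is_dir():
        return {p.name.lower() for p in root.iterdir() if p.suffix.lower() == ".dll"}
    return set(SAMPLE_SYSTEM_DLLS)


def find_sideload_candidates(package_dir, system_dlls):
    """Flag DLLs that sit beside an .exe and share a name with a system DLL.

    Windows looks in the application's own folder before System32 for DLLs
    that are not on the KnownDLLs list, so such a file is loaded in place of
    the system copy.
    """
    findings = []
    for folder, _dirs, files in os.walk(package_dir):
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        if not exes:
            continue  # a DLL with no executable beside it cannot be sideloaded here
        for name in sorted(files):
            if name.lower().endswith(".dll") and name.lower() in system_dlls:
                findings.append((os.path.join(folder, name), exes))
    return findings


def demo():
    """Scan a constructed package: one clean folder, one with a same-name DLL."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("clean/tool.exe", "clean/helper.dll",
                    "suspect/tool.exe", "suspect/CRYPTBASE.dll"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"placeholder")  # stand-ins, not real binaries
        hits = find_sideload_candidates(tmp, SAMPLE_SYSTEM_DLLS)
        return [(Path(p).name, exes) for p, exes in hits]


if __name__ == "__main__":
    for dll, exes in demo():
        print(f"review: {dll} sits beside {exes}")
```

A hit is a reason to check the file's signature and origin, not a verdict: some installers legitimately carry app-local copies of redistributable DLLs.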

There is some difference in how the timeline was reported. CPUID said the compromise lasted about six hours between April 9 and April 10, while Kaspersky observed malicious activity over a longer period. That is worth noting, but the core facts are clear: the official site was used to distribute malware, and trusted software delivery was abused.

The lesson is simple. Trusting a brand or an official website is no longer enough by itself. If the website, backend service, or download system is compromised, users can still be at risk. This incident is a reminder that security is not only about protecting software code. It is also about protecting how that software reaches users.

Md. Moniruzzaman Prodhan

Director, Security Research & Programs

A cybersecurity professional working across training, security assessments, and research. Founder of the Knight Squad community and Director, Security Research & Programs at Knight Squad Academy. Has delivered cybersecurity training for multiple government agencies in Bangladesh, with hands-on experience in VAPT/penetration testing, malware analysis, reverse engineering, and AI security testing. Actively involved in responsible vulnerability research, including 0-day hunting, and contributes to the community as an event director and CTF challenge creator for KnightCTF and BDSec CTF.