Main points
- Popular programs HWMonitor and CPU-Z have been found to be infected with malicious code that threatens the security of user data.
- It is recommended to refrain from downloading and updating these programs until the problem is resolved, and also to scan your computer for viruses if the update has already occurred.
Dangerous update: why popular PC utilities suddenly became a threat / Collage 24 Channel/Depositphotos
Users around the world have encountered an unexpected threat while trying to update their familiar system monitoring tools. Instead of useful information about temperature or processor frequency, official distribution channels of well-known software have started offering malicious software.
Which programs were called dangerous?
Two of the most popular utilities for monitoring the state of computer hardware, HWMonitor and CPU-Z, have found themselves at the center of a scandal due to the discovery of malicious code in their installers. Users who tried to download the current version 1.63 began to receive alarming notifications from antivirus programs. Since these tools are installed on millions of devices, the situation has reached a critical scale, jeopardizing the security of a huge amount of personal data, writes WCCF TECH.
The first signs of the problem appeared on the Reddit platform. One user noticed that when trying to update HWMonitor from version 1.42 to 1.63 directly through the program interface, he was redirected to the official CPUID page. However, instead of the usual file with a name like “hwmonitor_1.62.exe”, the system offered to download an executable file called “HWiNFO_Monitor_Setup.exe”. This immediately aroused suspicion, since the file name did not meet the developer's standards.
What happens if you ignore the warning?
After downloading, Windows Defender instantly identified the threat. In cases where users ignored the security warnings and ran the file, an installer in Russian appeared on the screen.
Analysis of the suspicious file on VirusTotal confirmed the worst fears: the software contained dangerous elements. Later, independent cybersecurity experts, including the vx-underground group, confirmed that this was not a false alarm from antiviruses. It was a multi-stage attack using a Trojan, which became possible due to the compromise of the domain path on the official website.
What does the developer say?
CPU-Z and HWMonitor developer Samuel Demelemester said that an investigation into the incident is ongoing. According to preliminary analysis, the core binaries of the programs themselves have not been changed.
The vulnerability was discovered in the APIs associated with the website. Apparently, the attackers somehow managed to replace the download files so that users received fake ones with viruses instead of the official ones.
The issue remained active for approximately 6 hours. During this time, any user who accessed the official resource for an update could receive an infected file instead of the original.
In comparison, previous versions of the program, such as 1.61 or 1.62, downloaded with the correct names and did not cause any complaints from antivirus systems. Some users noticed that if they manually changed the download link, they could get the real file “hwmonitor_1.63.exe”, which passed the security check without any comments.
What should users do?
- At this time, it is strongly recommended to refrain from downloading both utilities until the effects of the hack are fully resolved.
- Those who already have previous versions of programs installed are better off not performing any updates until the developers provide official guarantees of the security of their servers.
- If you have updated programs within the last 24 hours, you should uninstall them and then perform a full scan of your computer for viruses.