Users of HWMonitor and CPU-Z programs, which monitor PC performance, have noticed an unusual download of installation files from the official CPUID website. The installer has an unusual name, displays dialog boxes in Russian, and raises antivirus alarms.
Users of HWMonitor and CPU-Z programs, which monitor PC performance, have noticed an unusual download of installation files from the official CPUID website. The installer has an unusual name, displays dialog boxes in Russian, and raises antivirus alarms.
As reported by igor’sLAB, the CPUID website lists HWMonitor 1.63 as the current version for Windows x86/x64 with a release date of April 3, 2026. The official product page does not display the unusual file name, but only the standard download path for the installation version, while the ZIP version leads directly to the Cloudflare R2 domain.
Clicking on the installer link takes you to a separate CPUID download page, stating that the «hwmonitor_1.63.exe» file is ready and that the actual download will take place via download.cpuid.com.
However, Reddit users are reporting that instead of the expected hwmonitor_1.63.exe file, they received an installer called HWiNFO_Monitor_Setup.exe. The messages also mention Windows Defender antivirus warnings, a Russian-language installer dialog, and an unusual Inno Setup shell.
In early 2026, some antiviruses already raised alarms when trying to install HWiNFO, but then the developers explained that these were false positives. However, the situation is different now.
«The most likely explanation at this point is not that HWiNFO was compromised, but that the boot path in the CPUID environment was changed, redirected, or temporarily replaced by a third-party object,» says Igor Vallosek, editor of igor’sLAB.
He is not sure if it is safe to say that the CPUID website has been hacked, but notes that the name «HWiNFO_Monitor_Setup.exe» does not look like an accidentally misnamed CPUID package, but rather a decoy deliberately created to confuse users.
In early 2026, CPUID had already discovered another cybersecurity vulnerability. It involved information disclosure in the kernel driver for CPU-Z versions 2.17 and older. The current CPU-Z page now lists version 2.19, and CPUID explicitly mentions the fixed DLL hijacking vulnerability in the release notes.
