Two of the most popular hardware monitoring utilities have been compromised as they have been flagged by Anti-Viruses with malware.
HWMonitor 1.63 and CPU-Z Download Flagged as Malware; Users Report Unexpected Installer and Antivirus Warnings
Some concerning reports regarding popular hardware monitor tools, HWMonitor and CPU-Z, have been surfacing on social media. According to the reports, users who are attempting to download their latest versions are receiving a suspicious installer flagged by Antivirus software. This raises concerns and puts millions of devices at risk as the download channels appear to have been compromised.
The issue first surfaced on Reddit, where users reported that the official download links delivered an unexpected executable file instead of the legitimate installer. The user u/DMkiller says that when he was about to update HWMonitor from version 1.42 to 1.63 using the software’s interface, he headed to the official CPUID page. However, the downloadable file was mentioned as “HWiNFO_Monitor_Setup.exe”, which is usually something like this: “hwmonitor_1.62“.
When he downloaded the file, Windows Defender flagged it as a VIRUS, but he ignored the warning, and a Russian program started to install, which fortunately he cancelled immediately. After checking the file on Virustotal.com, he got the following results, which are shocking:
More users reported similar findings, which is concerning, considering that malware attacks can steal user information on millions of PCs. Some independent cybersecurity trackers have confirmed the reports to be true. Security monitor group “vx-underground’ confirmed that this wasn’t a false positive, but was a multi-stage trojanized incident delivered through a compromised domain path.
Several users reported receiving mismatched filenames and antivirus alerts. These clearly indicate that the utilities have been compromised. CPU-Z and HWMonitor developer Samuel Demeulemeester suggested that the investigations are currently ongoing, and as per their analysis, the core binaries themselves were not altered. It’s the secondary feature or an API that is connected to the website that got compromised for nearly six hours.
We urge readers not to download both utilities till the malware is removed, and if you have already installed these previously, it’s advised not to update them.
News Source: Reddit
About the author: Sarfraz Khan is a hardware reporter with a focus on PC components and the builder community. With years of experience writing about PC hardware and laptops, his work has been featured on several reputable technology publications.
Sarfraz’s hands-on experience is demonstrated through his first-person accounts of using and comparing different hardware configurations, providing practical and relatable insights for everyday users. His technical analysis is respected by peers in the enthusiast community and has been cited by specialized hardware sites such as Germany’s Igor’s Lab.
Follow Wccftech on Google to get more of our news coverage in your feeds.
First Appeared on
Source link
Leave feedback about this