Kaspersky‘s Global Research and Analysis Team (GReAT) has uncovered a supply chain attack targeting users of CPU-Z and HWMonitor, two widely used PC hardware monitoring utilities, after the tools’ official website was compromised and used to distribute malware-laced installers for approximately 19 hours.

The incident, which took place on 9 April 2026, saw the legitimate website for the utilities — used by tens of millions of PC users worldwide to monitor hardware performance — replaced with a malicious version serving trojanised installation files. Users who downloaded the software during this window may have unknowingly installed malware on their systems.

Supply Chain Risk in Everyday Tools

The attack highlights the growing risk posed by supply chain compromises, where trusted and widely distributed software becomes a vector for malware delivery. Because CPU-Z and HWMonitor are commonly used by PC enthusiasts, overclockers, and IT professionals, the potential reach of the compromise was significant.

Kaspersky GReAT’s discovery of the incident underscores the importance of verifying software integrity even when downloading from what appears to be an official source. Users who downloaded either utility between 9 April and the time the site was restored are advised to scan their systems immediately and verify the authenticity of their installed software.

What Users Should Do

Security researchers recommend that affected users run a full system scan using an up-to-date endpoint security solution, check for any unusual processes or network activity, and consider reinstalling the affected utilities from verified sources. Organisations with employees who use these tools on work machines should treat affected endpoints as potentially compromised and follow standard incident response procedures.

The episode serves as a timely reminder that even non-enterprise, utility-grade software can become an attack surface — and that vigilance is required at every layer of the software supply chain.