The Official Download for these Tools shipped Malware
The official CPU-ID download page for HW Monitor 1.53/1.6.3 and CPU-Z was found serving malware-laced installers. Analysis using VirusTotal and Any.run sandbox reveals the payload is a RAT (Remote Access Trojan) featuring HVNC (Hidden Virtual Network Computing), PowerShell reverse shell, DPAPI-based credential theft, anti-VM techniques, and DLL-based obfuscation via PEB walking and XOR key obfuscation. The HW Monitor payload appears to be a partially-baked campaign (originally intended for HW Info), meaning simply installing it may not trigger the malware unless the program is also run. The CPU-Z variant is more dangerous and likely compromises the system on install. Windows Defender detects both, but users who disabled or excluded it are at risk. A strong warning is issued to open source maintainers and software distributors to take supply chain security seriously.