
Beloved PC Tools CPU-Z and HWMonitor Compromised in Malware Infection Scheme

Two of the most widely used PC hardware monitoring tools are at the center of a serious security scare after users reported that recent downloads were being flagged by antivirus software and, in some cases, attempting to install unexpected programs.

The reports focus on HWMonitor 1.63 and the latest CPU-Z downloads. Multiple users say that when they went to download or update through the usual channels, they didn’t receive the normal installer they expected. Instead, they were served a suspicious executable with a mismatched filename, a classic red flag when you’re dealing with trusted utilities that normally follow consistent naming conventions.

The situation first gained traction after users shared their experiences on Reddit. One user described trying to update HWMonitor via the program’s update flow, only to be directed to a download that appeared under an unfamiliar name. After downloading it, Windows Defender reportedly flagged the file as malicious. In that same account, ignoring the warning led to an unexpected installer launching—described as a Russian program—before the user canceled the process. Additional scans using multi-engine detection tools reportedly returned numerous detections, strengthening concerns that the file wasn’t a harmless false alarm.

As more people compared notes, a consistent pattern emerged: odd filenames, antivirus warnings, and download behavior that didn’t match what users had previously seen from these tools. Independent security monitoring communities also weighed in and indicated this appeared to be a real compromise rather than routine antivirus overreaction, describing it as a trojanized, multi-stage incident delivered through a compromised web path.

The developer behind CPU-Z and HWMonitor, Samuel Demeulemeester, has acknowledged the incident and said an investigation is underway. Based on the analysis shared so far, the main program binaries themselves were not altered. Instead, the issue appears to have involved a secondary feature or side API connected to the website, which was compromised for roughly six hours between April 9 and April 10. During that window, the website could reportedly display or serve an unexpected installer at random—explaining why some users encountered the problem while others did not.

What should users do right now? The safest move is to avoid downloading or updating HWMonitor and CPU-Z until the situation is fully resolved and the distribution channel is confirmed clean. If you already have these utilities installed, do not update them for now, and be especially cautious of any installer with a name you don’t recognize or that doesn’t match the usual versioned filename format. If you did download and run a suspicious installer, consider performing a full system scan with reputable security tools and reviewing recent system changes.
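For anyone reviewing a machine after the fact, the PowerShell script below is an added example, not code from the developer or from the original report. It lists installers created in a folder during a chosen time window, with their Authenticode status, signer, recorded download origin and SHA-256 hash. The folder default and both window parameters are assumptions; the article gives April 9 to April 10 without a year or exact times, so the window must be supplied by the person running it.

```powershell
# Added example: list installers that landed in a folder during a suspected
# compromise window so each one can be reviewed by hand.
# Usage (placeholder year): .\triage.ps1 -WindowStart '<YYYY>-04-09' -WindowEnd '<YYYY>-04-11'
param(
    [Parameter(Mandatory)][datetime]$WindowStart,  # start of the window to inspect
    [Parameter(Mandatory)][datetime]$WindowEnd,    # end of the window (exclusive)
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')  # assumed download location
)

Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Extension -in '.exe', '.msi') -and
        ($_.CreationTime -ge $WindowStart) -and ($_.CreationTime -lt $WindowEnd)
    } |
    ForEach-Object {
        $file = $_

        # Authenticode check: unsigned, tampered or untrusted files are not 'Valid'.
        $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

        # Browsers record where a file came from in the Zone.Identifier stream (NTFS only).
        $zone   = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $origin = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
        if (-not $origin) { $origin = '(not recorded)' }

        [pscustomobject]@{
            Name        = $file.Name
            Created     = $file.CreationTime
            Signature   = $sig.Status
            Signer      = $signer
            Origin      = $origin
            SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            NeedsReview = ($sig.Status -ne 'Valid')
        }
    } |
    Sort-Object Created |
    Format-List
```

A `Valid` signature only means the file is intact and signed by a trusted certificate, so compare the signer with the one on a copy of the tool you already trust. The hash can be looked up in a multi-engine scanner without uploading or running the file.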

This is a reminder of how quickly a trusted software download can become a threat if any part of the delivery chain is compromised. Even well-known PC monitoring utilities can become a malware vector when attackers slip something into the distribution path—and the first warning sign is often exactly what users reported here: a strange filename and an antivirus alert that shouldn’t be ignored.