Asus software hijacked to spread malware…
A report currently trending reveals how ASUS shipped malicious software to its computers, opening up backdoors that hackers could exploit.
All Tech News gathered that thousands of Asus computers were infected by the malware, which Kaspersky Lab discovered after hackers managed to infect the company’s servers used to roll out software updates to its devices.
Dubbed ShadowHammer, the attack vector was active between June and November 2018, according to Kaspersky Lab’s telemetry, and left a large number of Asus customers vulnerable to backdoor attacks once ShadowHammer had established communication with a command and control server.
“Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of Asus Live Update at some point in time,” Kaspersky’s breakdown of ShadowHammer explained.
“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide.
“The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation.”
Kaspersky’s researchers were able to extract more than 600 unique MAC addresses from over 200 samples used in the attack, though they noted there might be other MAC address lists out there used for targeted cyberattacks.
That being said, out of the thousands of infected machines, only a small subset appeared to be targeted by the hackers. This would indicate that the attack was aimed in one specific direction, though to what end remains unclear.
ShadowHammer has now been stopped, and Asus told INQ that it has also released an online security diagnostic tool to check for affected systems.
“Asus Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from Asus,” the firm’s statement reads.
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
“ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism.”
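For a defender triaging a fleet, the two facts reported above (a hardcoded list of targeted MAC addresses and a fixed Live Update release, ver. 3.6.8) can be turned into an inventory check that separates intended targets from machines that merely lack the fix. The Python below is an added example, not code from Kaspersky or ASUS. The inventory format, host names and MAC values are constructed for illustration, and the `triage` function and its status labels are hypothetical.

```python
import re

FIXED_VERSION = (3, 6, 8)  # Live Update release that ASUS says carries the fix

# Constructed sample values: locally administered MACs, not real indicators.
TARGETED_MACS = ["02:00:00:AA:BB:01", "0200.00aa.bb02"]

# Constructed inventory export (assumed format): hostname, adapter MAC, Live Update version.
INVENTORY = """\
lab-nb-01,02-00-00-aa-bb-01,3.6.0
lab-nb-02,02:00:00:CC:DD:10,3.6.8
lab-nb-03,0200.00AA.BB02,3.6.8
lab-nb-04,02:00:00:cc:dd:11,3.5.9
lab-nb-05,not-a-mac,3.6.8
"""

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_version(text):
    """Turn '3.6.8' into (3, 6, 8) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(inventory, targeted_macs):
    """Map hostname -> 'targeted', 'needs-update', 'ok' or 'bad-record'."""
    targets = {normalize_mac(m) for m in targeted_macs} - {None}
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, mac, version = (field.strip() for field in line.split(","))
        mac = normalize_mac(mac)
        if mac is None:
            result[host] = "bad-record"      # never silently skip a host
        elif mac in targets:
            result[host] = "targeted"        # on the list: escalate first
        elif parse_version(version) < FIXED_VERSION:
            result[host] = "needs-update"    # predates the fixed release
        else:
            result[host] = "ok"
    return result

if __name__ == "__main__":
    for host, status in triage(INVENTORY, TARGETED_MACS).items():
        print(f"{host}: {status}")
```

A MAC match is checked before the version, so a listed machine stays flagged even after it has been updated to the fixed release.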
Though fixed, this attack vector is another example of sophisticated hackers infecting the software supply chain. Such malware can significantly compromise PCs because it is signed by legitimate certificates, and can thus more easily sneak onto computers and sit waiting to be exploited.
One example of this was how hackers compromised the supply of, ironically, the CCleaner PC maintenance and security tool. While quickly fixed once discovered, such supply chain malware can lurk unnoticed for ages and thus have the scope for widespread infection.
The situation arguably serves as a reminder for computer makers to rigorously check their supply chains in order to keep dodgy folk at bay.