Asus Live Update software program put in on laptops and PCs from the Taiwanese producer contained a backdoor between June and November 2018. Malicious of us this manner may set up malware on particular programs. The malware was focused at particular mac addresses although?
Kaspersky found the presence of the backdoor in January and knowledgeable Asus on the finish of that month. According to safety researchers, the replace software program was contaminated with a backdoor within the timeframe of June up-to November 2018. Kaspersky has named this assault ‘ShadowHammer’ and has put a instrument on-line for customers to examine whether or not their Asus laptop computer comprises the backdoor.
They additionally created a web page on which customers can confirm if their mac tackle is included on the listing of targets. ASUS is believed to have pushed this malware to lots of of 1000’s of consumers via its trusted automated software program replace instrument after attackers compromised the corporate’s server and used it to push the malware to machines. From the report posted at motherboard.vice.com:
Researchers at cybersecurity agency Kaspersky Lab say that ASUS, one of many world’s largest laptop makers, was used to unwittingly to put in a malicious backdoor on 1000’s of its clients’ computer systems final 12 months after attackers compromised a server for the corporate’s reside software program replace instrument. The malicious file was signed with reputable ASUS digital certificates to make it seem like an genuine software program replace from the corporate, Kaspersky Lab says. ASUS, a multi-billion greenback laptop {hardware} firm primarily based in Taiwan that manufactures desktop computer systems, laptops, cell phones, sensible house programs, and different electronics, was pushing the backdoor to clients for no less than 5 months final 12 months earlier than it was found, based on new analysis from the Moscow-based safety agency.
The researchers estimate half 1,000,000 Windows machines obtained the malicious backdoor via the ASUS replace server, though the attackers seem to have been focusing on solely about 600 of these programs. The malware looked for focused programs via their distinctive MAC addresses. Once on a system, if it discovered one in all these focused addresses, the malware reached out to a command-and-control server the attackers operated, which then put in further malware on these machines. Kaspersky Lab mentioned it uncovered the assault in January after including a brand new supply-chain detection expertise to its scanning instrument to catch anomalous code fragments hidden in reputable code or catch code that’s hijacking regular operations on a machine. The firm plans to launch a full technical paper and presentation concerning the ASUS assault, which it has dubbed ShadowHammer, subsequent month at its Security Analyst Summit in Singapore.
