Hackers took over Asus updates to send you malware, researchers say

Kaspersky Lab estimates that the attack could have affected more than a million users.

Asus Zephyrus GX531GS

Thousands of Asus computers were infected with malware from the company’s own update tool, researchers from Kaspersky Lab said Monday.

The researchers discovered the attack in January, after hackers took over the Asus Live Update Utility to quietly install malware on devices. The hack was first reported by Motherboard.

The hack, which Kaspersky Lab is calling Operation ShadowHammer, went on between June and November 2018. Kaspersky Lab found that it affected more than 57,000 people using its products.

The Russia-based cybersecurity company was only able to find those numbers for its own users, and estimates that the malware could affect more than a million Asus owners worldwide. The update tool is preinstalled on the majority of new Asus devices.

The attackers were able to infect devices without raising red flags because they used Asus’ legitimate security certificate, which was hosted on the computer manufacturer’s servers.

Asus is a Taiwan-based computer company, and one of the top consumer notebook vendors in the world, with millions of laptops worldwide. The company did not respond to a request for comment.
“The selected vendors are extremely attractive targets for APT [advanced persistent threat] groups that might want to take advantage of their vast customer base,” Vitaly Kamluk, director of Kaspersky Lab’s Global Research and Analysis Team, said in a statement.

Malware can arrive on your devices in a lot of ways — downloading a file from an email, opening a PDF you shouldn’t have or via browser-based attacks.
The hack on Asus’ automatic update tool points to another kind of concern, in which people have to be worried about patches from the source itself as hackers seek to exploit a trusted relationship. Supply chain attacks are not new: In 2017, the popular software tool CCleaner was hijacked to install malware on millions of computers.

Distrust in automatic updates leads to another kind of threat, as many companies often rely on people to patch their devices to defend against new malware. The majority of computers infected with the WannaCry ransomware, for instance, were hit because they didn’t install a security update issued in 2017

While it’s capable of attacking millions, the malware had a specific set of targets, researchers found. Once it was installed, the backdoor checked the device’s MAC address. If it matched one of the hacker’s targets, it then installed another set of malware, researchers said.

Kaspersky Lab researchers said they identified more than 600 MAC addresses, and released a tool for people to check whether they were targeted by the attack. The cybersecurity company said it’s notified Asus, and the investigation is ongoing.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s