Hackers took over Asus updates to send malware, researchers found

Kelley Robertson
March 27, 2019

In its statement, ASUS said the "Live Update" software fix "introduced multiple security verification mechanisms" to keep updates from being manipulated by hackers. Asus, one of the worst offenders among the vulnerable laptop makers, was guilty of not even using HTTPS encryption, or signing or validating its software updates. The company is still investigating the actual number of its computers that have been affected.

Users can also use apps provided by ASUS and Kaspersky that check if their device's MAC address was on the list of 600 MACs the ShadowHammer operation targeted.

Taiwanese laptop maker Asus unknowingly pushed malware to thousands of computers after one of its servers was hacked last year, potentially affecting more than one million people, Russian cybersecurity firm Kaspersky Lab said.

Interestingly, the Asus Live Update malware attack was targeted at a pool of users identified by a limited range of network adapter MAC addresses.

Kaspersky discovered the malware earlier in the year after adding a new supply-chain detection technology to its scanning software.

Almost half of the affected systems detected by Kaspersky were computers in Russia, Germany, and France, though this number may be more representative of where Kaspersky users with ASUS computers were rather than the actual geographic distribution. The company has also made available a security diagnostics tool that scans your system to determine if you've been backdoored.

ASUS appears to have handled the issue remarkably badly, first denying to Kaspersky that the attack had happened, and then asking the security vendor to sign a non-disclosure agreement.

Symantec, a US-based cybersecurity firm, was also able to confirm Kaspersky's discovery, adding that 13,000 of its own customers had been infected with the backdoor. The update tool is preinstalled on the majority of new Asus devices. "At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future."

If you thought it was just ASUS, it's not.

Have you been hit by the malware?

And, while the attack targeted users across the world, it doesn't seem Aussie users were affected.

"We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack."

Kaspersky states that the attackers used stolen digital certificates to insert malicious code into the Asus LiveUpdate system.
