On Monday, various news outlets reported that ASUS software updates were infected by a malware that could easily infect ASUS laptops. Now, ASUS has published a press release in which the company states that the ShadowHammer Malware is patched and that users can run additional security checks to find out whether they were exposed to the risk.
When the issue was discovered, it was found that the number of affected individuals was over a million, and were able to detect 600 particular addresses that were targeted with the attack. Fortunately, ASUS has announced that the software update vulnerability is now patched.
Those who fear that they might have been affected by the problem don’t need to worry. ASUS wrote that the company supports a second “security diagnostic” software which can be used to scan the computer and check whether it was affected. Part of the press release reads “[W]e encourage users who are still concerned to run it as precaution.” Additionally there is a link that leads to the software.
If you want to know if your ASUS system was one of the 600 the hackers were targeting with that backdoor @kaspersky Lab has a web site where you can check https://t.co/WLhSJICHGi; if you don’t want to insert your MAC address in that site they also have a tool you can run
— Kim Zetter (@KimZetter) March 25, 2019
“ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” it says in the news release.
However, what’s worrisome is that the ASUS press release about the ShadowHammer malware doesn’t offer any sort of apology for compromising the data of nearly a million people according to estimates of the Cybersecurity company Kaspersky Lab. Instead, the company stated that “Only a small number of specific user group were found to have been targeted.” Companies that distribute products like laptops, routers and accompanying security software must be aware of how easy nowadays it is to distribute malware through the systems and they should take necessary measures for that never to happen in the first place.
Instead of an apology, the tech company encouraged its users not to worry as they are ensuring that the trojan horse will never penetrate through the system again and that new tools have been added to enhance the connection between secured companies.
That may sound enough to put concerns to rest for now. However, a large company like ASUS allowing that type of serious malware to get through doesn’t offer enough reliability for anyone with a little computer savvy to trust them. Anyhow, if anyone uses ASUS products he can check the additional security software. Also, in the ASUS press release there is a link for a tool to check whether your MAC address was exposed during the attack. Kaspersky Lab also has more information on the attack, which can be checked here.