Hackers Spread Malware Through ASUS Software Updates

Updated on

Cyber-attacks have gotten more and more prevalent over the years, and a new vulnerability revealed on Monday offers even more proof that no one’s data is never really 100% safe. Hackers used ASUS’ software updates to install a backdoor on hundreds of thousands of computers–enabling them to spread malware via the company’s own servers. Fortunately, all users of ASUS computers and laptops can easily check if their MAC addresses were exposed to an attack.

Cyber-security company Kaspersky Lab discovered that hackers hijacked ASUS’ software updates to install a backdoor program the firm calls “ShadowHammer” into the computers of thousands of its clients. The firm explained that hackers exploited the Taiwan-based tech giant’s automatic software update system.

Kaspersky estimates that about 57,000 of its own customers were exposed to the malware via the ASUS software updates, although the firm believes approximately 1 million computers in total may have been exposed. Experts are still not aware of the exact goals of the cyber-attack, but Kaspersky added that 600 MAC addresses were purposely targeted, even though the infected ASUS software updates affected many more.

Motherboard cyber-security reporter Kim Zetter tweeted details on how to check if your MAC address was targeted:

Even though Kaspersky informed ASUS about the issue on January 31, the computer manufacturer hasn’t yet commented on the issue. The malicious file the firm traced to ASUS’ software updates was signed with the company’s own digital certificates and then distributed through official channels, which is worrisome. The Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team told Motherboard this incident shows “that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware.”

Recently ASUS settled charges filed by the Federal Trade Commission (FTC) after it was found that its routers had vulnerabilities hidden from customers for over a year. To settle the charges, a promise to “establish and maintain a comprehensive security program subject to independent audits for the next 20 years” was given. However, it’s still unclear whether the FTC will take action on the incident concerning ASUS’ software updates or consider it a violation of the previous promise.

“While investigating this attack, we found out that the same techniques were used against software from three other vendors. Of course, we have notified ASUS and other companies about the attack,” reported Kaspersky, which also advised anyone using the ASUS Live Update Utility to update it at once.

Kaspersky Lab has also set up a website where users of ASUS products can check whether the software update affected them here. To find out, users can enter their MAC address on that site. However, if the recent security vulnerabilities worried you, you can also check it through a special tool instead of entering it into the website. Kaspersky’s other tool can be downloaded via a link here.

Leave a Comment