
ASUS Live Update has been used by hackers to distribute malware to possibly over a million users

By Wong Chung Wee - on 26 Mar 2019, 9:41am


Update: ASUS responds with a solution!

Image source: ASUS

ASUS Live Update, the update utility installed on most ASUS computers, has been used by hackers to distribute malware to targeted Windows machines. This sophisticated supply chain attack, Operation ShadowHammer, took place between June and November 2018, and infected over 57,000 Kaspersky Lab customers.

Image source: Kaspersky Lab

Based on the company’s estimate, a total of one million ASUS customers may have downloaded and installed the compromised (i.e., backdoored) version of the ASUS Live Update application.

The hackers behind Operation ShadowHammer were after a specific pool of users, who were identified by their network adapters’ MAC addresses. Those MAC addresses were hardcoded by the hackers in the compromised version of the ASUS Live Update app. The researchers at Kaspersky Lab managed to unhash over 600 unique MAC addresses from over 200 samples used in this targeted attack.

That the hackers were able to stay undetected for such a long period was partly due to their use of legitimate digital certificates with their backdoored ASUS Live Update app. The compromised utility application was hosted on two official ASUS URLs. The app was able to deliver official ASUS updates as well as the hackers’ malware.

The exact intentions of the hackers weren’t revealed by Kaspersky’s report; however, the researchers stated that this attack was highly sophisticated and that it targeted specific users, whose identities are unknown except for the extracted MAC addresses of their network adapters. Of course, the extracted information isn’t fully comprehensive, but the researchers have created a tool that can determine if your computer was targeted by comparing your MAC address against their list.
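The comparison such a check performs can be sketched as follows. This is an added example, not Kaspersky Lab's tool: the article does not name the hash function or the input encoding, so MD5 over the six raw address bytes is an assumption, and the MAC addresses are constructed samples from the 00:00:5E:00:53:xx documentation range, not indicators from the campaign.

```python
import hashlib
import re

# Matches MAC addresses written with ':' or '-' separators.
MAC_PATTERN = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")


def mac_digest(mac, algorithm="md5"):
    """Hash the six raw bytes of a MAC address.

    Assumption: both the algorithm and the raw-byte encoding are
    illustrative; the article does not specify either.
    """
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return hashlib.new(algorithm, raw).hexdigest()


def extract_macs(text):
    """Collect every MAC-shaped token from tool output such as `ipconfig /all`."""
    found = {m.group(0).upper().replace("-", ":") for m in MAC_PATTERN.finditer(text)}
    return sorted(found)


def find_targeted(text, target_digests, algorithm="md5"):
    """Return the MAC addresses in `text` whose digest is on the target list."""
    return [mac for mac in extract_macs(text)
            if mac_digest(mac, algorithm) in target_digests]


# Constructed target list: digests of made-up documentation-range addresses.
SAMPLE_TARGETS = {mac_digest("00:00:5E:00:53:01"), mac_digest("00:00:5E:00:53:AF")}

# Constructed adapter inventory in the style of `ipconfig /all` output.
SAMPLE_INVENTORY = """\
Ethernet adapter Ethernet:
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : 00-00-5E-00-53-7C
"""

if __name__ == "__main__":
    hits = find_targeted(SAMPLE_INVENTORY, SAMPLE_TARGETS)
    print("Targeted adapters:", ", ".join(hits) if hits else "none")
```

Because only digests are compared, the same function can be run over adapter inventories collected from many machines without the target list ever being held in plaintext.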

Kaspersky Lab has informed ASUS about Operation ShadowHammer and has supported the company in their investigations by providing forensic digital data and descriptions of the malware. The researchers also plan to share technical details of their work in a whitepaper that will be presented at the Security Analyst Summit 2019 in Singapore next month.

Source: Kaspersky Lab, ASUS
