Hackers target Asus users with hijacked updates

Malware attack called 'ShadowHammer' spotted by Kaspersky

Shadow Hammer image on laptop

Asus has been unwittingly pushing malware infected updates on users that gave hackers backdoor access to their hardware. 

These malicious actors managed to infect the servers that Asus uses to roll out software updates to its devices. It's a sophisticated supply-chain attack, first spotted by Kaspersky Labs in January, which has been dubbed 'ShadowHammer'

ShadowHammer is a trojan type of malware on a utility that seems legitimate because it has a signed certificate and is hosted on the Asus server that deals with updates. It stays undetected for a long time because criminals made sure the file size stayed the same as the original Asus one.

Kaspersky said the attack took place between June and November 2018 and according to its telemetry, it affected a large number of users.

The Asus live update is a utility that is pre-installed on most Asus computers and is used to automatically update certain components, drivers and applications. Asus is one of the worlds largest PC vendors and, as such, an extremely attractive target for APT groups that might want to take advantage of their user base.

"Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time," Kaspersky said. "We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide."

Strangely, the cybercriminals behind ShadowHammer were not interested in a vast swathe of  the infected machines as they seemingly targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.

Kaspersky has said this is a bigger supply-chain incident than the malware infestation that hit CCleaner. The optimisation app was hit in 2017 when a new version of it was being used to spread malware to millions of users. 

IT Pro has approached Asus for comment.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021