Hackers target Asus users with hijacked updates
Malware attack called 'ShadowHammer' spotted by Kaspersky
Asus has been unwittingly pushing malware infected updates on users that gave hackers backdoor access to their hardware.
These malicious actors managed to infect the servers that Asus uses to roll out software updates to its devices. It's a sophisticated supply-chain attack, first spotted by Kaspersky Labs in January, which has been dubbed 'ShadowHammer'.
ShadowHammer is a trojan type of malware on a utility that seems legitimate because it has a signed certificate and is hosted on the Asus server that deals with updates. It stays undetected for a long time because criminals made sure the file size stayed the same as the original Asus one.
Kaspersky said the attack took place between June and November 2018 and according to its telemetry, it affected a large number of users.
The Asus live update is a utility that is pre-installed on most Asus computers and is used to automatically update certain components, drivers and applications. Asus is one of the worlds largest PC vendors and, as such, an extremely attractive target for APT groups that might want to take advantage of their user base.
"Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time," Kaspersky said. "We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide."
Strangely, the cybercriminals behind ShadowHammer were not interested in a vast swathe of the infected machines as they seemingly targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.
Kaspersky has said this is a bigger supply-chain incident than the malware infestation that hit CCleaner. The optimisation app was hit in 2017 when a new version of it was being used to spread malware to millions of users.
IT Pro has approached Asus for comment.
Report: The State of Software Security
This annual report explores important trends in software securityDownload now
A fast guide to finding your cloud solution
One size doesn't fit all in the cloud, so how do you find the best option for your business?Download now
Digitally perfecting the supply chain
How new technologies are being leveraged to transform the manufacturing supply chainDownload now
Small & Medium Business Trends Report
Insights from 2,000+ business owners and leaders worldwideDownload now