Hackers target Asus users with hijacked updates
Malware attack called 'ShadowHammer' spotted by Kaspersky
Asus has been unwittingly pushing malware infected updates on users that gave hackers backdoor access to their hardware.
These malicious actors managed to infect the servers that Asus uses to roll out software updates to its devices. It's a sophisticated supply-chain attack, first spotted by Kaspersky Labs in January, which has been dubbed 'ShadowHammer'.
ShadowHammer is a trojan type of malware on a utility that seems legitimate because it has a signed certificate and is hosted on the Asus server that deals with updates. It stays undetected for a long time because criminals made sure the file size stayed the same as the original Asus one.
Kaspersky said the attack took place between June and November 2018 and according to its telemetry, it affected a large number of users.
The Asus live update is a utility that is pre-installed on most Asus computers and is used to automatically update certain components, drivers and applications. Asus is one of the worlds largest PC vendors and, as such, an extremely attractive target for APT groups that might want to take advantage of their user base.
"Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time," Kaspersky said. "We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide."
Strangely, the cybercriminals behind ShadowHammer were not interested in a vast swathe of the infected machines as they seemingly targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.
Kaspersky has said this is a bigger supply-chain incident than the malware infestation that hit CCleaner. The optimisation app was hit in 2017 when a new version of it was being used to spread malware to millions of users.
IT Pro has approached Asus for comment.
B2B under quarantine
Key B2C e-commerce features B2B need to adopt to surviveDownload now
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service managementDownload now
The five essentials from your endpoint security partner
Empower your MSP business to operate efficientlyDownload now
How fashion retailers are redesigning their digital future
Fashion retail guideDownload now