Hackers target Asus users with hijacked updates

Malware attack called 'ShadowHammer' spotted by Kaspersky

Shadow Hammer image on laptop

Asus has been unwittingly pushing malware infected updates on users that gave hackers backdoor access to their hardware. 

These malicious actors managed to infect the servers that Asus uses to roll out software updates to its devices. It's a sophisticated supply-chain attack, first spotted by Kaspersky Labs in January, which has been dubbed 'ShadowHammer'

ShadowHammer is a trojan type of malware on a utility that seems legitimate because it has a signed certificate and is hosted on the Asus server that deals with updates. It stays undetected for a long time because criminals made sure the file size stayed the same as the original Asus one.

Kaspersky said the attack took place between June and November 2018 and according to its telemetry, it affected a large number of users.

The Asus live update is a utility that is pre-installed on most Asus computers and is used to automatically update certain components, drivers and applications. Asus is one of the worlds largest PC vendors and, as such, an extremely attractive target for APT groups that might want to take advantage of their user base.

"Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time," Kaspersky said. "We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide."

Strangely, the cybercriminals behind ShadowHammer were not interested in a vast swathe of  the infected machines as they seemingly targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.

Kaspersky has said this is a bigger supply-chain incident than the malware infestation that hit CCleaner. The optimisation app was hit in 2017 when a new version of it was being used to spread malware to millions of users. 

IT Pro has approached Asus for comment.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021