Asus software update utility was hacked to install malware on thousands of computers, company issues fix

By Digit NewsDesk | Published on Mar 26 2019

Highlights:

  • Asus' Live Update Utility tool was hacked and distributed to users via company's official channels.
  • The tool was signed using an authentic Asus digital certificate and hosted on the company's official servers.
  • About 1 million Asus users are said to have received the malware but it affected only 600 users.

 

Update: Asus has responded to the breach and has issued an official statement on the matter. In a statement to Digit.in, Asus said, "Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers. ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed. ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future. Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here."

What happened?

Asus’ software update tool was breached by hackers to distribute malware to users. Motherboard reports, via a report by Kaspersky Lab, that attackers breached the ASUS Live Update Utility software, which is used to deliver an array of software updates to the company’s laptops and desktops. This is said to be one of the biggest supply-chain hacks to date: attackers breached official company software, added a backdoor to it and pushed it to users through official Asus channels. Additionally, the trojanised utility was signed with an authentic Asus digital certificate, which makes compromised or modified software even harder to detect.

The attack has been named “ShadowHammer” by Kaspersky, and about 57,000 of its security software users were found to have the malware installed. Symantec told Motherboard that it identified 13,000 of its users with the malware. As per the Kaspersky report, the attacker(s) hosted the modified software on the official ASUS server that is dedicated to updates. Even the file size of the malicious software was the same as the original file, so as to avoid suspicion and stay undetected. If you are using an Asus laptop or computer, we suggest you update the Asus Live Update Utility on your PC. Additionally, head out here to check if your MAC address was targeted in the attack.

The trojan was reportedly distributed to about 1 million Asus users, but it seems that the hackers were after something specific, as the backdoor acted only on 600 specific MAC addresses, whose hashes were hardcoded into different versions of the utility. It is not known what the attackers’ agenda was, and more details about this attack will be divulged at the upcoming SAS 2019 security conference in Singapore. However, this type of supply chain attack is being compared with the ShadowPad and CCleaner incidents in terms of techniques and complexity.
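The hardcoded-hash targeting described above is also what a defender-side checker (like the one linked earlier) has to reproduce: hash the machine's own MAC addresses and compare them against the published list of targeted hashes, which reveals the targets only to the machines that are on it. The following is an added example, not code from the article, from Asus or from Kaspersky; the digest (unsalted MD5) and the sample target list are assumptions, not the real scheme or real values.

```python
import hashlib
import re
import uuid

# Constructed sample standing in for the list of targeted MAC addresses. The real
# utility shipped only hashes; here we derive them from made-up MACs for the demo.
DEMO_TARGET_MACS = ["00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"]


def normalize_mac(mac: str) -> str:
    """Canonical form: 12 hex digits, lower-case, grouped as aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_fingerprint(mac: str) -> str:
    """One-way fingerprint of a MAC (MD5 over the canonical string; an assumption)."""
    return hashlib.md5(normalize_mac(mac).encode()).hexdigest()


# The set a checker would ship: hashes only, never the plain MAC addresses.
TARGET_HASHES = {mac_fingerprint(m) for m in DEMO_TARGET_MACS}


def matches(macs, target_hashes=TARGET_HASHES):
    """Return the canonical MACs from `macs` whose fingerprint is in the target set."""
    hits = []
    for mac in macs:
        try:
            canonical = normalize_mac(mac)
        except ValueError:
            continue  # skip malformed entries rather than abort the scan
        if mac_fingerprint(canonical) in target_hashes:
            hits.append(canonical)
    return hits


def local_macs():
    """Best effort: the primary interface MAC as reported by uuid.getnode()."""
    node = uuid.getnode()  # 48-bit integer; may be random if no hardware MAC is found
    return [":".join(f"{(node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))]


if __name__ == "__main__":
    found = matches(local_macs())
    print("targeted MAC present:" if found else "no targeted MAC on this host", found)
```

On a real incident the target-hash set would come from the vendor's or the analysing lab's published data; the script only shows the matching logic.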
