26 Mar 2019
How hackers infected several ASUS PCs using official software update
ASUS, a leading player in the personal computing arena, has suffered from a sophisticated espionage operation.
Security research company Kaspersky Lab has revealed that the Taiwanese giant's live software updater was compromised to spread malware on several PCs.
Kaspersky claims over a million PCs may be affected, but ASUS disputes that.
Here are the details of the attack.
ASUS Live Update Utility compromised
In a recent report, Kaspersky claimed that attackers used stolen digital certificates to inject malicious code into the ASUS Live Update Utility.
Then, using the same software, they issued a 'critical' update aimed at installing backdoors and delivering malware on computers.
It was pushed through ASUS' official server, which tricked many into falling for the attack and installing the malware.
How many users installed the malware?
Kaspersky suggested the malware may have reached a million users of the updater while noting some 70,000 confirmed infection cases.
It said 57,000 users of its own anti-virus tool had installed the malicious update, while another 13,000 cases were reported by Symantec, the firm behind Norton antivirus.
This seems to indicate that at least tens of thousands of users downloaded the malware.
Attackers, however, targeted specific computers
The malware seems to have compromised many users, but Kaspersky's analysis indicates it was crafted to go after only a select few hundred.
Apparently, the malware carried special instructions to attack some 600 computers, identified by their unique MAC addresses (the identifiers used for connecting computers to networks).
It looked for these systems using a predefined table and installed more malware on them after discovery.
ASUS claims the issue has been fixed
After staying silent on the matter, ASUS has issued a statement noting that the backdoor only affected a few hundred computers between June and November last year and has been patched now.
Nick Wu, a spokesperson from the company, told Bloomberg they've also helped affected customers install a fix and updated their servers to prevent such an attack from occurring again.
Use antivirus software to guard against such attacks
Because supply chain attacks, like the one seen here, can compromise a large number of computers in one go, it is highly recommended to have a reliable antivirus program installed. You can pick any leading antivirus solution, be it Kaspersky, Norton, or QuickHeal.