Asus software update utility was hacked to install malware on thousands of computers

Highlights: Asus' Live Update Utility tool was hacked and distributed to users via company's official channels. The tool was signed using an authentic Asus digital certificate and hosted on the company's official servers. About 1 million Asus users are said to have received the malware but it affected only 600 users.   Asus’ software update tool was breached by hackers to distribute malware to users. Motherboard reports, via a report by Kaspersky Lab, that attackers breached ASUS Live Update Utility software, which is used to deliver an array of software updates to the company’s laptops and desktops. This is said to be one of the biggest supply-chain based hacks where attackers breached and added a backdoor to official company software and pushed it to users through official Asus channels. Additionally, the trojan utility was signed using an authenticated digital certificate, which makes it even harder to detect compromised/modified software.  The attack has been named “ShadowHammer” by Kaspersky and about 57,000 of its security software users were detected having the malware installed. Symantec told Motherboard that it identified 13,000 of its users with the malware. As per ṭhe Kaspersky report, the attacker(s) hosted the modified software on the official ASUS server that is dedicated to updates. Even the file size of the malicious software was the same as the original file, so as to suppress suspicion and stay undetected. If you are using an Asus laptop or computer, we suggest you update the Asus Live Update Utility on your PC. Additionally, head out here to check if your MAC address was targeted in the attack.  The trojan was reportedly distributed to about 1 million Asus users but it seems that the hackers were after something specific as they targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility. It is not known what the attackers’ agenda was and more about details this attack will be divulged at the upcoming SAS 2019 security conference in Singapore. However, this type of supply chain attack is being compared with the Shadowpad and the CCleaner incidents, in terms of techniques and complexity. Asus has been informed of the breach by Kaspersky and we have reached out to the company, who has promised of providing an official statement on the subject.  Related Reads: NotPetya is a wiper, not ransomware: Here's what that means 4% of Indian users attacked by banking Trojans in 2018: Kaspersky Lab  

from Latest Technology News https://ift.tt/2OoW9vl