ASUS users targeted in large supply chain attack

To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples, and this list was used to identify the actual intended targets of this massive operation.

The ShadowHammer operation, as Kaspersky is calling it, infected hundreds of thousands of users, but the ShadowHammer malware hidden inside the Live Update tool didn't infect users with additional payloads unless their device had a specific MAC address.
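Because the targeting key was the network adapter's MAC address, a defender who has a list of targeted addresses can check a machine's interface listing against it. The sketch below is an added example, not code from Kaspersky or ASUS: it assumes such a list is available in plaintext (for instance from a vendor advisory), the function names are hypothetical, and the sample listing and addresses are constructed from the RFC 7042 documentation range.

```python
import re

# Colon- or hyphen-separated MAC, as printed by `ip link` and `ipconfig /all`.
MAC_RE = re.compile(
    r"(?<![\w:-])[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}(?![\w:-])"
)
IGNORED = {"ffffffffffff", "000000000000"}  # broadcast / unset, never a real NIC


def normalize(mac):
    """Return 12 lowercase hex digits, or None if `mac` is not a MAC address."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def extract_macs(text):
    """Collect every adapter MAC found in interface-listing output."""
    found = {normalize(m.group(0)) for m in MAC_RE.finditer(text)}
    return found - IGNORED


def match_targets(listing, target_list):
    """Return the local MACs (normalized) that appear on the target list."""
    targets = {normalize(t) for t in target_list} - {None}
    return sorted(extract_macs(listing) & targets)


# Constructed sample data: addresses are from the RFC 7042 documentation range.
SAMPLE_LISTING = """\
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
    link/ether 00:00:5e:00:53:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::200:5eff:fe00:531a/64 scope link
Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : 00-00-5E-00-53-2B
"""
SAMPLE_TARGETS = ["0000.5e00.532b", "00:00:5E:00:53:FF", "not-a-mac"]

if __name__ == "__main__":
    hits = match_targets(SAMPLE_LISTING, SAMPLE_TARGETS)
    print("adapters on target list:", hits or "none")
```

Normalizing both sides matters because interface tools and indicator lists rarely agree on separator or case, and a listing that includes broadcast or IPv6 addresses should not produce false matches.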

The exact number isn't yet known, but the company's estimates - based on detection on 57,000 systems with Kaspersky security software installed - peg the number at 'over a million users worldwide'.

They targeted the Asus Live Update Utility, which is virtually ubiquitous among newer models from the Asian computer giant.

To be safe, Kaspersky also advises people to make certain they have the most recent version of Asus Live Update installed on their devices. No mention is made about how the hackers broke into the company's servers to distribute the malicious update.

Symantec has also addressed the situation, with the Director of Development for the Security Technology and Response Group of Symantec chiming in with: "We saw the updates come down from the Live Update ASUS server".

The company released Live Update 3.6.8, but it is unclear if updating to this version removes all traces of the older backdoored Live Update version.

What the hackers were after also remains unknown.

ASUS appears to have handled the issue remarkably badly, first denying to Kaspersky that the attack had happened, and then asking the security vendor to sign a non-disclosure agreement.

Asus confirmed today that its Live Update utility has indeed been infected with malicious code by an advanced persistent threat (APT) group as part of a supply chain attack which managed to compromise some of its servers.

The hack on Asus' automatic update tool points to another kind of concern, in which people have to be anxious about patches from the source itself as hackers seek to exploit a trusted relationship. Kaspersky is due to publish a full report into the shenanigans.

Asus has released an update for its software update utility to rid about a million of its notebooks of a spyware-laden software update pushed to victims by its software update system. "The fix from Asus doesn't help us understand who was targeted and why".
