[wlug] Hackers Hijacked ASUS Software Updates To Install Backdoors on Thousands of Computers

Peter Reutemann fracpete@w...
Tue Mar 26 09:02:25 NZDT 2019

'ASUS is believed to have pushed malware to hundreds of thousands of
customers through its trusted automatic software update tool after
attackers compromised the company's server and used it to push the
malware to machines. From a report:

Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of
the world's largest computer makers, was used to unwittingly
install a malicious backdoor on thousands of its customers' computers
last year after attackers compromised a server for the company's live
software update tool. The malicious file was signed with legitimate
ASUS digital certificates to make it appear to be an authentic
software update from the company, Kaspersky Lab says. ASUS, a
multi-billion dollar computer hardware company based in Taiwan that
manufactures desktop computers, laptops, mobile phones, smart home
systems, and other electronics, was pushing the backdoor to customers
for at least five months last year before it was discovered, according
to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the
malicious backdoor through the ASUS update server, although the
attackers appear to have been targeting only about 600 of those
systems. The malware searched for targeted systems through their
unique MAC addresses. Once on a system, if it found one of these
targeted addresses, the malware reached out to a command-and-control
server the attackers operated, which then installed additional malware
on those machines. Kaspersky Lab said it uncovered the attack in
January after adding a new supply-chain detection technology to its
scanning tool to catch anomalous code fragments hidden in legitimate
code or catch code that is hijacking normal operations on a machine.
The company plans to release a full technical paper and presentation
about the ASUS attack, which it has dubbed ShadowHammer, next month at
its Security Analyst Summit in Singapore'

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.