ASUS Live Update Utility hijacked by hackers to push malware to unsuspecting users
While most of us would probably consider tools like ASUS Live Update Utility bloatware on our PCs, there are millions of users out there who just let it be. It is, without a doubt, a great way to stay up to date with trusted updates from ASUS themselves. Well, until it got hijacked, that is.
ASUS was inadvertently pushing a backdoor to its users for at least five months, according to Kaspersky Lab. The backdoor is estimated to have reached 500 000 Windows machines, but the attackers were reportedly only targeting around 600 machines from a list of MAC addresses. On those targeted machines, the backdoor will communicate with the attackers’ server and download more malware onto the machines. The server allegedly shut down in November 2018.
The attack, which Kaspersky Lab dubbed ShadowHammer, is a supply-chain attack, where trusted vendor channels are hijacked to deliver malware. People usually trust an update, especially when they receive a notification telling them there is a new software update coming from the manufacturer themselves. The good news is that if yours isn’t one of the 600 targeted machines, the backdoor will remain dormant, although the attackers can quickly take advantage of the access to your system to wreak havoc.
In addition to coming from a trusted channel, the updates were signed with an ASUS certificate, making them seem really legit to even the most savvy geeks out there. ASUS has reportedly not responded to contact from Kaspersky, which is quite a curious move from the Taiwanese tech giant.
Pokdepinion: Thanks for worsening my trust issues…