Hijacked ASUS software updates installed backdoor on at least 0.5 million PCs

Enlarge (credit: Getty Images)
An attack on the update system for ASUS personal computers allowed attackers to inject backdoor malware into thousands of computers, according to researchers at Kaspersky Labs. The attack, reported today on Motherboard by Kim Zetter, took place last year and dropped malicious software signed with ASUS’ own digital certificate—making the software look like a legitimate update. Kaspersky analysts told Zetter that the backdoor malware was pushed to ASUS customers for at least five months before it was discovered and shut down.
Zetter reported that Kaspersky researchers estimated half a million Windows machines received the malicious backdoor via ASUS' update server. But the attack appeared intended for approximately 600 of the affected PCs.
The traces of the attack were discovered by Kaspersky in January 2019, but it actually occurred between June and November 2018. Called “ShadowHammer” by Kaspersky, the attack targeted specific systems based on a range of MAC addresses. That target group, however, was substantial. According to a blog post by a Kaspersky spokesperson:
Read 3 remaining paragraphs | Comments