So claims Kaspersky, with malware being delivered by Asus’ own update utility
Update: Asus has been in contact to confirm that its laptops have been subjected to an attack, and outlined its steps to fix the security issue. Read our full story on Asus’ response to the attack for more information.
It appears that Asus is in some hot water after being compromised by hackers, who have hijacked the laptop maker’s update service to push malicious software onto Asus devices.
This is according to security firm Kaspersky, who wrote a blog post describing how the hackers managed to gain access to the Asus Live Update Utility – which delivers software updates to Asus notebooks and PCs – using it to install a backdoor on machines around the world.
Apparently, this backdoor – given the suitably ominous codename ShadowHammer – was delivered to an estimated one million Windows computers, or thereabouts, a rather staggering number, over a period of five months.
The slightly better news – at least compared to that jaw-flooring distribution statistic – is that the hackers were seemingly only interested in targeting a minority of those machines: 600 of them in fact. These PCs had further malware installed on them via the backdoor.
The malicious file was cleverly disguised in that it was signed with authentic Asus digital certificates, and the perpetrators made sure the file size of the update utility remained exactly the same as the original so as not to raise any suspicions on that front.
The fact that the hackers only actively exploited a small number of machines also helped the malware stay under the radar. Now the cat is out of the bag, though, perhaps there is a danger that a wider campaign of malicious activity could be opened up.
Further trouble down the road?
Kaspersky further notes that its investigation is still ongoing, and that attacks using the same techniques have apparently been aimed against software (presumably update routines) from three other PC manufacturers.
These companies have all been notified, as has Asus – so who knows, we may shortly hear more about further potential compromises when it comes to other notebook makers.
Kaspersky has naturally updated its own security software to detect and block this malware, but advises that owners of Asus machines should still update the Asus Live Update Utility.
We have contacted Asus for a comment on ShadowHammer, and you can read our full report on Asus’ response.
As well as Kaspersky, rival security outfit Symantec has also found evidence of infection by this malware, with at least 13,000 PCs with Symantec antivirus software installed being hit by the backdoor.