It appears that Asus is in some hot water after being compromised by hackers, who have hijacked the laptop maker’s update service to push malicious software onto Asus devices.
This is according to security firm Kaspersky, which wrote a blog post describing how the hackers managed to gain access to the Asus Live Update Utility – which delivers software updates to Asus notebooks and PCs – and used it to install a backdoor on machines around the world.
Apparently, this backdoor – given the suitably ominous codename ShadowHammer – was delivered to an estimated one million Windows computers, or thereabouts, over a period of five months, a rather staggering number.
The slightly better news – at least compared to that jaw-flooring distribution statistic – is that the hackers were seemingly only interested in targeting a minority of those machines: 600 of them in fact. These PCs had further malware installed on them via the backdoor.
The malicious file was cleverly disguised in that it was signed with authentic Asus digital certificates, and the perpetrators made sure the file size of the update utility remained exactly the same as the original so as not to raise any suspicions on that front.
The fact that the hackers only actively exploited a small number of machines also helped the malware stay under the radar. Now that the cat is out of the bag, though, there is perhaps a danger that a wider campaign of malicious activity could be opened up.
Further trouble down the road?
Kaspersky further notes that its investigation is still ongoing, and that attacks using the same techniques have apparently been aimed against software (presumably update routines) from three other PC manufacturers.
These companies have all been notified, as has Asus – so who knows, we may shortly hear more about further potential compromises when it comes to other notebook makers.
Kaspersky has naturally updated its own security software to detect and block this malware, but advises that owners of Asus machines should still update the Asus Live Update Utility.
We have contacted Asus for a comment on ShadowHammer, and will update this story with the company’s response when we (hopefully) receive it.
As well as Kaspersky, rival security outfit Symantec has also found evidence of infection by this malware, with at least 13,000 PCs with Symantec antivirus software installed being hit by the backdoor.