Check Your Asus Laptop For Malware Right Now

Judy Cobb
March 26, 2019

One of the world's largest PC vendors, ASUS manufactures desktop computers, laptops and mobile phones.

Kaspersky Lab on Monday said it discovered the sophisticated supply chain attack on Asus' Live Update Utility in January and promptly informed the company. The dodgy version was offered between June and November 2018, according to Kaspersky.

Kaspersky said that more than 57,000 of its users had downloaded and installed the compromised Asus update but the hackers meant to target a smaller number of unknown victims.

"We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide", Kaspersky said.

While it's capable of attacking millions, the malware had a specific set of targets, researchers found. Once it was installed, the backdoor checked the device's MAC address. If the MAC address of the affected system matched an entry on the attackers' list, the malware then downloaded a further set of malware onto the system. Kaspersky notes that the attack seemed to be targeting an "unknown pool of users" by the MAC addresses associated with their network adapters.

Kaspersky believes the attack remained undetected for so long because the software was signed with legitimate ASUS security certificates, such as "ASUSTeK Computer Inc". The folks at Kaspersky say that they first discovered the existence of Operation ShadowHammer on January 29, and have been performing forensic analysis on the security exploit ever since.

"They were not trying to target as many users as possible", Kamluk continues. However, Kaspersky is not the only security outfit to trace the malware samples back to Asus.

ASUS Live Update is intended to ensure that system components such as drivers, apps, BIOS, and UEFI all receive upgrades and patches when they are due, but it is this valuable utility that cyberattackers have managed to compromise.

However, only a small number of users appeared to be of any interest to the attackers.

Kaspersky has linked the attack to the ShadowPad incident from 2017.

"This is the worst kind of supply chain attack", said Matt Blaze, adjunct computer science prof and crypto-guru, in response to the revelations.

This mode of operation led Kaspersky Lab to compare the attack to the infamous Stuxnet, widely speculated to be a US/Israeli-developed cyberweapon, which was also distributed indiscriminately but did little to no harm on most infected systems. Once installed, the Asus backdoor would search for predetermined MAC addresses, hinting at the targeted nature of this attack, and, if one was found, connect to a third-party server that would install malware on those machines.
