Hijacked ASUS software updates installed backdoor on at least 0.5 million PCs

by Sean Gallagher, from Ars Technica - All content (#4BT5R)

An attack on the update system for ASUS personal computers allowed attackers to inject backdoor malware into thousands of computers, according to researchers at Kaspersky Labs. The attack, reported today on Motherboard by Kim Zetter, took place last year and dropped malicious software signed with ASUS' own digital certificate, making the software look like a legitimate update. Kaspersky analysts told Zetter that the backdoor malware was pushed to ASUS customers for at least five months before it was discovered and shut down.

Zetter reported that Kaspersky researchers estimated half a million Windows machines received the malicious backdoor via ASUS' update server. But the attack appeared intended for approximately 600 of the affected PCs.

The traces of the attack were discovered by Kaspersky in January 2019, but it actually occurred between June and November 2018. Called "ShadowHammer" by Kaspersky, the attack targeted specific systems based on a range of MAC addresses. That target group, however, was substantial. According to a blog post by a Kaspersky spokesperson:
