Owners of Asus computers need to be aware of a significant issue that has surfaced. Kaspersky Lab has revealed that Asus’ software update program was compromised by hackers and used to deliver malware to hundreds of thousands of Asus computer users. The malware sent out by the updater software installed a malicious backdoor on thousands of customer computers.
The attackers were able to insert the malicious code into the updater software after compromising a server for the live software update tool. With access to the server, the hackers were able to sign the malicious software with legitimate Asus digital certificates to make the malware appear as legitimate software from the company.
The malicious backdoor software was pushed out to Asus customers for at least five months in 2018 before it was discovered, Motherboard reports. Estimates are that half a million Windows machines received the malicious software backdoor via the Asus server.
Kaspersky: ASUS pushed a malicious backdoor to ~500K Windows machines for at least five months last year, after its live software update tool was compromised (@kimzetter / Motherboard) https://t.co/g6WByxiNHl https://t.co/1jIAB8McYo
— Techmeme (@Techmeme) March 25, 2019
Kaspersky Lab says that the attackers appear to have been targeting only about 600 of the infected systems. The backdoor specifically searched for the unique MAC addresses of the target systems, and if one was found, the software reached out to a command-and-control (C&C) server operated by the attackers and more malware was installed on those computers. Kaspersky discovered the attack in January.