ASUS Live Update delivers malware for months

ASUS Live Update Utility: a new advanced persistent threat (APT) campaign, detected by Kaspersky Lab in January 2019, appears to have run from June to November 2018.

The threat is reported to have affected more than one million users who downloaded updates through the ASUS Live Update Utility on their computers.

Kaspersky Lab's Global Research and Analysis Team (GReAT) named this malicious campaign Operation ShadowHammer. As first reported by Kim Zetter, it led to the download and installation of a backdoored version of ASUS Live Update on the PCs (ASUS PCs, of course) of over 57,000 users running Kaspersky products.

While Kaspersky was able to block most downloads of the trojanized ASUS Live Update on its own customers' machines, the company's research team estimates that over one million users were infected in total.

According to GReAT:

ASUS Live Update is a utility that comes pre-installed on most ASUS computers. It is used for updating certain components such as BIOS, UEFI, drivers and applications.

And it continues:

According to Gartner, ASUS was the fifth largest company worldwide by 2017. This makes the company a highly attractive target for APT groups who may want to take advantage of the breadth of their users.

As GReAT reports, multiple infected versions of ASUS Live Update were distributed, targeting "unknown groups of users, identified by MAC addresses".

The attackers behind ShadowHammer used a hardcoded list of MAC addresses to decide which machines received the malicious payload. Kaspersky managed to gather more than 600 MAC addresses from 200 malware samples used in this attack.

Kaspersky researchers also discovered that the infected Live Update was digitally signed with legitimate "ASUSTeK Inc." certificates and was hosted on the official ASUS update servers (liveupdate01s.asus[.]com and liveupdate01.asus[.]com).

If you're worried about your ASUS computer, Kaspersky has released an offline tool and an online web checker to find out whether your system was targeted by Operation ShadowHammer.

For the check, we compare your MAC address with the list of hardcoded addresses we discovered in the malware.
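The check described above, a comparison of the machine's network adapter MAC addresses against the list recovered from the malware, can be reproduced locally. The example below is added here and is not Kaspersky's code; the suspect list is a constructed placeholder (the real list is not on this page), and the interface listing is a constructed `ip -o link` sample so it runs offline.

```python
import re
import subprocess

# Constructed placeholder indicators in mixed notations; NOT the real ShadowHammer list.
SUSPECT_MACS = {"00:11:22:33:44:55", "aa-bb-cc-dd-ee-ff", "0A1B.2C3D.4E5F"}

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC written with ':', '-', '.' or no separators, any case."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _MAC_RE.match(hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_ip_link(output: str) -> dict:
    """Map interface name -> MAC from `ip -o link` output; loopback has no hardware address."""
    macs = {}
    for line in output.splitlines():
        m = re.search(r"^\d+:\s+(\S+?):.*link/(\S+)\s+([0-9a-f:]{17})", line)
        if m and m.group(2) != "loopback":
            macs[m.group(1)] = normalize_mac(m.group(3))
    return macs


def find_targeted(macs: dict, suspect: set) -> dict:
    """Return the interfaces whose MAC is on the suspect list, regardless of notation."""
    canon = {normalize_mac(s) for s in suspect}
    return {ifname: mac for ifname, mac in macs.items() if mac in canon}


def local_macs() -> dict:
    """Linux only: read the real interface list from `ip -o link`."""
    out = subprocess.run(["ip", "-o", "link"], capture_output=True, text=True, check=True).stdout
    return parse_ip_link(out)


# Constructed sample output of `ip -o link`; eth0 carries one of the placeholder indicators.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\\    link/ether 10:20:30:40:50:60 brd ff:ff:ff:ff:ff:ff
"""

if __name__ == "__main__":
    hits = find_targeted(parse_ip_link(SAMPLE_IP_LINK), SUSPECT_MACS)
    print("targeted interfaces:", hits or "none")
```

On a real Linux host, replace `parse_ip_link(SAMPLE_IP_LINK)` with `local_macs()`; a match only means the machine was on the attackers' target list, so confirm infection by checking the installed Live Update binary rather than relying on the MAC alone.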

iGuRu.gr

Written by giorgos
