Published: Wed, March 27, 2019
Tech | By Constance Martin

Almost a million ASUS computer users infected by malware in automatic update

Almost a million ASUS computer users infected by malware in automatic update

We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack.

Most of the victims Kaspersky saw were from Russia, Germany and France, although users in a number of countries were impacted.

If you're anxious your PC might have been infected, there is a tool you can use to see if your machine has the malware installed.

The Taiwanese computer company ASUS is acknowledging that suspected nation-state hackers planted malware on its online automatic update service in a sophisticated and targeted espionage operation.

Kaspersky Lab said it has uncovered more than 57,000 users with the backdoored utility, and the firm estimates that about 1 million users were affected in total.

Kaspersky said that more than 57,000 of its users had downloaded and installed the compromised Asus update but the hackers meant to target a smaller number of unknown victims.

The world's No. 5 computer company said it fixed the compromised updating software, which automatically sends drivers and firmware to ASUS laptops when authorized by users.

"While Asus may have released a fix, if you've already been compromised that might not be enough".

Airbus secures mammoth China deal in fresh blow to Boeing
Günther Öttinger, European commissioner for budget and human resources, has urged the EU to veto Italy's deal with Beijing. All the deals, including one on French exports to China of frozen chicken, amount to a total of some $40 billion.

The attackers were able to infect devices without raising red flags because they used Asus' legitimate security certificate, which was hosted on the computer manufacturer's servers. That will take you to a support page, where you can download the latest Live Update software.

The chief of NSA's TAO group also said in the past that exploiting OEMs' software for notebooks is one of the easiest ways to hack a computer, because of how vulnerable these software tools tend to be and how little care laptop vendors tend to have for security in general.

ASUS also shared a tool that users can download and run to "check for affected systems".

"We saw the updates come down from the Live Update Asus server".

In fact, the company's press release is somewhat disrespectful to both Kaspersky and its customerbase.

Several media outlets (including Notebookcheck) reported on a large-scale attack carried out by an advanced persistent threat (APT) that targeted Asus-made computers. "This new campaign is yet another example of how sophisticated and unsafe a smart supply chain attack can be nowadays".

Asus also said it had created a scanning tool [.zip file] to let customers check if their PC is among those afflicted.

Instead of working with Kaspersky to address this incident in a coordinated matter and provide all the information users needed, ASUS tried to bury the story, and it backfired spectacularly.

Like this: