ASUS pushed malware on thousands of computers – Kaspersky
TAIPEI, Taiwan (UPDATED) – Taiwanese laptop maker ASUS unknowingly pushed malware to thousands of computers after one of its servers was hacked last year, potentially affecting more than one million people, Russian cybersecurity firm Kaspersky Lab said.
More than 57,000 people installed the malicious backdoor on their ASUS computers after hackers attacked a server for the company's live software update tool, Kaspersky said in an article posted on its website on Monday.
"The trojanised utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time," the firm said.
"We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide," it added.
The Moscow-based firm said that its ongoing investigation found that hackers had deployed the same techniques against software from three other companies.
Kaspersky uncovered the ASUS attack, which it dubbed "ShadowHammer", in January after adding a new supply-chain detection technology to its scanning tool and is planning to release a full report on it next month.
The incident highlights the growing threat from so-called "supply-chain attacks" where malware is installed on systems during the manufacturing or assembling process or through later updates, analysts say.
ASUS, which makes computers, laptops, smartphones and other electronics, released a statement saying it had upgraded its software to "prevent any malicious manipulation in the form of software updates or other means."
ASUS appears to refute Kaspersky's findings regarding the number of devices affected, describing the incident as having affected a "small number of devices" which have been "implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group."
ASUS also described the malware as "Advanced Persistent Threat (APT) attacks," which are "national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of computers."
"ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed." – Rappler.com