Asus updates have been infected by malware
Hundreds of thousands of Asus computers would have been victims of the ShadowHammer attack, via the manufacturer's automatic update software.
According to the sites Motherboard and Kaspersky, an operation dubbed ShadowHammer would have allowed hackers to enter Asus servers to infect Asus Live Update, the computer update software brand. As a result, several hundreds of thousands of PCs may have been contaminated in turn by malware hidden in the automatic updates of the Taiwanese manufacturer.
Until November 2018, hackers gained access to Asus' infrastructure and took the opportunity to install a backdoor in the Asus Live Update software. The attack has just been made public by Kaspersky's cybersecurity experts. The fifth largest computer manufacturer in the world denies any intrusion on its servers, but the revelations of Kaspersky are particularly detailed.
We learn that hackers have managed to access Asus Live Update's broadcast servers, but not the software's compilation servers. This would have limited the number of installations of the backdoor, the contaminated file dating from 2015. In total, 57 000 infected Asus computers were identified by Kaspersky, to which must be added the machines using other anti-virus software . The victims are based in France, Germany and Russia.
The motives of the pirates are still mysterious to this day. Of the hundreds of thousands of potentially contaminated PCs, only 600 were obviously interested. Strangely enough, their MAC addresses were listed in the first malware, to start the installation of a second malware. For all other computers, Kaspersky's experts failed to identify the purpose of the attack.
To find out if your Asus computer is a victim of ShadowHammer, Kaspersky has set up an online tool.