Hackers used Asus Live Update tool to distribute malicious backdoor on Windows machines

Shawn Knight

In context: Kaspersky said the attack managed to fly under the radar for so long because the trojanized updater was signed using legitimate certificates from Asus. As such, nobody ever suspected anything was amiss.

Hackers in 2018 reportedly compromised a server hosting Asus’ Live Update tool and used it to distribute a malicious backdoor to unsuspecting Windows machines.

Kaspersky Lab on Monday said it discovered the sophisticated supply chain attack on Asus’ Live Update Utility in January and promptly informed the company. According to its investigation, the attack took place between June and November 2018.

Kaspersky said over 57,000 of its users have downloaded and installed the backdoored version of Asus Live Update, but the issue may affect over a million users worldwide.

The security company classified it as a highly sophisticated attack that matches or may even surpass recent ShadowPad and CCleaner incidents in complexity and technique. The goal of the attack, Kaspersky said, “was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses.” They’re calling this new attack Operation ShadowHammer.

Kaspersky has linked the attack to the ShadowPad incident from 2017. Microsoft previously identified the actor behind that incident as “Barium.”

Kaspersky created a tool that can determine if your computer was specifically targeted in the attack by comparing MAC addresses.

Kaspersky Lab plans to share a full technical paper on the matter as part of a presentation at the Security Analyst Summit in Singapore next month.


 
Only novice users will do this.

I've been building computers for 20+ years and the only time you install stuff from a cd is when you have no internet access.
 
Do things even still come with CDs lol … even if they do, do you still have a cd drive installed, I know I don't. I usually just download the stuff I need.

If no internet then you're SOL or you need access to an external cd drive.
 
I mean this begs the question: what do you do if you don't have internet and a CD drive? They really need to start using a USB update tool with a cheap flash drive instead of the auto update software; it would make it easier to audit files installed and matching records.
 
Reason number 1,542 on why to NEVER use that CD that comes with your motherboard purchase. Just don't! If the company you are buying that motherboard does not offer the files on their website, then don't buy from them.

Except it looks like this attack was accomplished via compromising ASUS' servers and the downloaded software itself.
 
That's what you get for not removing bloatware I guess. First thing to do after getting a new laptop: delete all bloatware. Sure, some software is required for some buttons to function, but usually it's just one software, compared to many other stupidness installed.

I even deleted the "recovery" partition to gain more space, as you can always get the latest windows from MS, without having to worry about license key (integrated into bios nowadays).
 
So glad I never use Asus Live Update or any of the other bloatware that comes with their boards. I tend to go direct to the product's support page for the drivers and BIOS updates and keep up-to-date versions of everything that my mobo needs on a flash drive.
 
I bought a beautiful Asus tablet that worked great until I got a notice for an OS update.

Well, it killed my device.

Worse, was when I contacted Asus 'help' desk and got such stupid replies that I could not believe. For over two months I was in contact with them trying to get my device back to original factory reset but their help desk was so stupid, I finally gave up on them and have a device that works half of what it should.

Asus? the letters: they make a *** out of U....
 
I mean this begs the question: what do you do if you don't have internet and a CD drive? They really need to start using a USB update tool with a cheap flash drive instead of the auto update software; it would make it easier to audit files installed and matching records.

My guess is that if you have no internet or CD drive, then nothing is going to help you.
 
I bought a beautiful Asus device and it worked very well until I got a notice to upgrade my OS so I did it. Well the upgrade caused my device to continually re-boot over and over again. I contacted their help desk and then realized they were as stupid as sh!t and after about 20 emails going over a few months, I finally realized there was nothing to do.

By that time the warranty had expired and the device is crap.

ASUS is the letters rearranged: they make an A$$ out of U.....

Never buy asus, looks great but help desk is dumb dumb dumb.....
 