Hijacked ASUS software updates installed backdoor on at least 0.5 million PCs


An attack on the upgrade system for ASUS desktop computers running Microsoft Windows permitted aggressors to inject backdoor malware into countless computer systems, according to scientists at Kaspersky Labs. The attack, reported today on Motherboard by Kim Zetter, happened in 2015 and dropped destructive software application signed with ASUS’ own digital certificate– making the software application appear like a genuine upgrade. Kaspersky experts informed Zetter that the backdoor malware was pressed to ASUS clients for a minimum of 5 months prior to it was found and closed down.

The traces of the attack were found by Kaspersky in January 2019, however it really took place in between June and November2018 Called “ShadowHammer” by Kaspersky, the attack targeted particular systems based upon a series of MAC addresses. That target group, nevertheless, was significant. According to an article by a Kaspersky representative:

Over 57,000 Kaspersky users have actually downloaded and set up the backdoored variation of ASUS Live Update eventually in time … We are unable to determine the overall count of impacted users based just on our information; nevertheless, we approximate that the genuine scale of the issue is much larger and is potentially impacting over a million users worldwide.

Almost half of the impacted systems found by Kaspersky were computer systems in Russia, Germany, and France– though this number might be more representative of where Kaspersky users with ASUS computer systems were instead of the real geographical circulation. The domain related to the attack, asushotfix.com, was hosted on a server with an IP address in Russia.

The backdoor malware was discovered when Kaspersky included brand-new code to its endpoint-protection tool. That tool is targeted at identifying supply-chain security breaches by scanning the contents of signed software application updates for malware concealed within genuine upgrade code. A complete paper on the ASUS attack will exist in April at Kaspersky’s Security Expert Top in Singapore.

Supply-chain attacks– efforts to jeopardize the facilities that provides software application updates or the designers’ own software application advancement operations– are on the increase. In October 2018, 2 different supply-chain attacks were exposed: one on the VestaCP control board software application utilized to handle shared hosting environments and another on a popular Python code repository. These sorts of attacks can spread out destructive code extensively throughout systems, making them quickly visible and susceptible to takeover by an enemy.