Using the latest technology, experts at Kaspersky Lab detected an attack by the hacker group ShadowHammer that infected Asus laptops and desktops directly from the manufacturer’s servers. The attackers built a backdoor into Asus Live Update, the utility that supplies BIOS, UEFI, and software updates for computers.
According to cybersecurity experts, the malicious "... Trojan was signed with a legitimate certificate and placed on the ASUS update server." The malicious programs planted on the official servers went unnoticed for a long time because the attackers disguised them carefully; even the size of the malicious program was identical to that of the official utilities. Kaspersky Lab specialists suggest that the malware was downloaded by 57 thousand users who have Kaspersky anti-virus software installed. The total number of users affected by ShadowHammer's actions could reach one million.
Meanwhile, the attack was aimed at specific computers. The hashes of 600 pre-defined MAC addresses were embedded in various versions of the utility. Kaspersky Lab provides a special program with which users can check whether their PC is on the attackers' list.
On infecting a computer, the malicious program checked the MAC address of the device and compared it with the list of 600 addresses. If a matching address was found, the next stage of the malware download was activated. Otherwise, the utility simply showed no activity, which allowed the malicious software to remain undetected for a long time.
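The same hash comparison can be run defensively over an asset inventory to see which machines were on a target list. The sketch below is an added example, not code from Kaspersky Lab, Asus or the original article; it assumes the list holds MD5 digests of the raw six MAC bytes (the article does not name the hash function), and all hostnames, MAC addresses and hashes in it are constructed.

```python
import hashlib
import re

def normalize_mac(text):
    """Return the 6 raw bytes of a MAC written as aa:bb:.., AA-BB-.. or
    aabb.ccdd.eeff, or None when the text is not a valid MAC address."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return bytes.fromhex(digits)

def mac_digest(mac_bytes, algorithm="md5"):
    # Assumption: digest over the raw 6 bytes; the article names no algorithm.
    return hashlib.new(algorithm, mac_bytes).hexdigest()

def find_targeted(inventory, target_hashes, algorithm="md5"):
    """inventory: iterable of (hostname, mac_text) pairs.
    Returns (hits, rejected): hosts whose MAC digest is on the list, and
    entries that could not be parsed and need manual review."""
    targets = {h.strip().lower() for h in target_hashes}
    hits, rejected = [], []
    for host, mac_text in inventory:
        raw = normalize_mac(mac_text)
        if raw is None:
            rejected.append((host, mac_text))
        elif mac_digest(raw, algorithm) in targets:
            hits.append((host, raw.hex(":")))
    return hits, rejected

# Constructed sample data: locally administered MACs, hypothetical hostnames.
TARGET_HASHES = [mac_digest(bytes.fromhex(m)) for m in ("0200000000a1", "0200000000b2")]
INVENTORY = [
    ("ws-014", "02-00-00-00-00-A1"),   # targeted, dash format
    ("ws-201", "0200.0000.00b2"),      # targeted, dotted format
    ("ws-305", "02:00:00:00:00:c3"),   # not on the list
    ("ws-404", "n/a"),                 # unparseable inventory entry
]

if __name__ == "__main__":
    hits, rejected = find_targeted(INVENTORY, TARGET_HASHES)
    for host, mac in hits:
        print(f"TARGETED   {host}  {mac}")
    for host, text in rejected:
        print(f"UNPARSED   {host}  {text!r}")
```

Unparseable inventory entries are returned separately rather than silently skipped, so a host with a badly recorded MAC is not mistaken for a clean one.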
According to experts, besides Asus, computers from three more manufacturers, whose names were not disclosed, were also infected. All companies were immediately notified of the problem. Experts advise updating Asus Live Update Utility.
Asus confirmed the problem and the infection of Asus Live Update Utility. At the same time, the company claims that only a small number of computers are infected, that it is contacting users to resolve the problem, and that protection against such attacks is already integrated into Asus Live Update Utility. In addition, ASUS added a “security diagnostics” tool that scans a PC to determine whether a particular user's computer was affected by the infection.
Source: asus.com, theverge.com