Hackers hijack ASUS update tool to infect thousands with malware
Taiwan-based computer manufacturer ASUS has released an important update after its own Live Update tool installed malware onto the computers of hundreds of thousands of their customers.
Here’s a brief FAQ rundown of the very curious case of this particular malware attack.
Wait, did you say ASUS infected their own customers with malware?
Yes, though not intentionally. Basically, cyber crooks managed to compromise one of the ASUS servers responsible for providing updates (such as firmware, software and BIOS updates) to ASUS computers. It works in a similar way to Windows Updates. The crooks infected the server with their own malware, and managed to exploit vulnerable digital certificates belonging to ASUS to make the malware appear to be digitally signed by ASUS.
An unaware ASUS then pushed the malware onto a large number of their own customers. The malware actually posed as an update to the Live Update tool used for downloading and managing… you guessed it… updates.
This type of attack is called a supply chain attack. That means it’s the developer or manufacturer that – either intentionally or totally obliviously – is pushing the malware onto their customers.
Sponsored Content. Continued below...
How many people were infected?
Upwards to a million. Certainly hundreds of thousands, from all over the globe. Security firm Symantec said 13,000 of machines running their antivirus software were infected. ASUS has stated that only notebook computers would have received the malware.
When did it happen?
The malware was rolled out to ASUS customers between June and November 2018. Security researchers at Kaspersky detected the attack in early 2019 and ASUS have just recently released a fix.
What does the malware do?
For most people who were infected, absolutely nothing, and that’s the curious part to this attack.
Kaspersky, the security firm that first recorded the attack, noted that the malware would lie dormant if it wasn’t one of 600 specific machines that the malware was looking for. Every device that can connect to a network (e.g. PC, laptop etc.) has a unique network MAC address. The malware would look for 600 specific MAC addresses that were written into its code. If it didn’t find one of the 600 MAC addresses it was looking for, the malware would do very little, merely lying dormant (though it could still pose a risk.) If it did find one, then it would connect to a “command and control” server, presumably to try and download further malware with a different objective.
But the server isn’t online anymore, so no one really knows what that second malware payload was. Nor does anyone really know where those 600 targeted computers are, or why the malware was specifically looking for them. For now, that’s all a mystery.
Sponsored Content. Continued below...
I have an ASUS computer. What should I do?
First, you can check if your machine was one of the 600 detected by entering your MAC address on Kaspersky’s website here. (Click here to learn how to find your device’s MAC address.) It’s pretty unlikely, but it might be worth checking anyway.
Secondly and most importantly, you should download the latest version of ASUS Live Update, and you can get that from the ASUS website here.