The Asus software update system has been hacked and used to distribute malware to about 1 million Windows computers, according to the same source. cybersecurity firm Kaspersky Lab. The malware was disguised as a "critical" software update, distributed from the Asus servers, and signed with the help of a genuine Asus certificate that made it appear valid. The details of the hack were first revealed by Motherboardand Kaspersky plans to publish more details about a next conference.
What the pirates were looking for was not clear. However, the hackers appeared to target specific Asus customers: the malware contained special instructions for 600 systems, to be identified by specific MAC addresses. Once one of these systems is detected, the update will install more malicious programs to further compromise the system.
Kaspersky called the attack "ShadowHammer". This type of targeting is often associated with spyware attacks by nation states, especially Stuxnet, which has spread widely but caused little or no damage to most infected systems.
It does not appear that Asus has contacted customers or taken steps to stop the malware. Asus did not immediately respond to a request for comment, and Motherboard said that it was impossible to get a comment from Asus for several days. Asus apparently denied that the malware came from his servers after being contacted by Kaspersky, and he stopped responding, according to the newspaper. Motherboard.
The malware could have been distributed to 1 million computers, says Kaspersky. Motherboard Kaspersky said that 57,000 people using its security software had installed the malware, Kaspersky told Symantec. Motherboard that he has identified 13,000 customers with the malware.
The hacking of a company's update system allows malicious actors to break computers on a large scale. This is not often the case, but the fact that it is possible to do so is a huge risk. Work is in progress develop safer updating systems, but for now, companies rely on their own solutions.