
ASUS Software Updates Used to Install ShadowHammer Backdoor

Kaspersky Lab researchers made an alarming discovery. ASUS, one of the biggest computer makers, was used to install a malicious backdoor on customers’ machines.

The installation took place last year, after hackers compromised a server for the maker's live software update tool. The malicious file was signed with legitimate ASUS certificates, making it look like an authentic software update issued by the company.

Malicious Backdoor Installed on Half a Million ASUS Computers

According to Kaspersky researchers, half a million Windows computers received the malicious backdoor via the ASUS update server. It is curious to note that the attackers seem to have been interested in only about 600 of these systems, making this a highly targeted attack. The malicious operation used the machines' MAC addresses to single out those systems. Once the malware had installed itself on a targeted system, it contacted a command-and-control server, which then delivered additional malware.

The attack was discovered in January, shortly after Kaspersky added a new supply-chain detection technology to its scanning tool. The investigation is still in progress, and the full results and a technical paper will be published at the SAS 2019 conference, Kaspersky said in its report, which revealed some technical details about the attack. The attack itself has been dubbed ShadowHammer.

The goal of the attack was to surgically target an unknown pool of users, who were identified by their network adapters' MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples, and this list was used to identify the actual intended targets of this massive operation. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list.
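The MAC-based targeting described above suggests a simple defensive check: compare a host's own adapter addresses against a published list of targeted MACs. The following is an added example (not code from Kaspersky or from this article) that normalizes MAC addresses across the formats tools print them in, pulls them out of `ipconfig /all`-style output, and reports any that appear on the list; the target list and the adapter output are constructed placeholders, not the real ShadowHammer indicators.

```python
import re

# Constructed example list of targeted MAC addresses (placeholders, NOT the
# real ShadowHammer list): a hypothetical published IoC list in mixed formats.
TARGET_MACS = ["00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF", "0a1b2c3d4e5f"]

# Matches colon- or hyphen-separated MACs in free text without picking up
# IPv6 addresses or longer hex runs such as hashes.
_MAC_IN_TEXT = re.compile(
    r"(?<![0-9a-f:-])([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})(?![0-9a-f:-])", re.I)


def normalize_mac(mac):
    """Canonical lowercase colon form, or None if `mac` is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.\s]", "", mac).lower()  # strips :, -, . (Cisco) and spaces
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def extract_macs(text):
    """All MACs found in tool output such as `ipconfig /all` or `ip link`."""
    return {normalize_mac(m.group(1)) for m in _MAC_IN_TEXT.finditer(text)}


def find_targeted(adapter_macs, target_list=TARGET_MACS):
    """Return the sorted adapter MACs that also appear in the target list."""
    targets = {normalize_mac(t) for t in target_list} - {None}
    found = {normalize_mac(a) for a in adapter_macs} - {None}
    return sorted(found & targets)


# Constructed `ipconfig /all` excerpt; the Wi-Fi adapter is on the list above.
SAMPLE_OUTPUT = """
Ethernet adapter Ethernet:
   Physical Address. . . . . . . . . : 10-20-30-40-50-60
   Link-local IPv6 Address . . . . . : fe80::1234:5678:9abc:def0%12
Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
"""

if __name__ == "__main__":
    hits = find_targeted(extract_macs(SAMPLE_OUTPUT))
    print("targeted adapters:", hits or "none")
```

A real check would feed in the output of `ipconfig /all` or `ip link` from the host and a vendor- or researcher-published list in place of the constructed values.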


The researchers contacted ASUS and informed the company about the attack on Jan 31, 2019, supporting its investigation with IOCs and descriptions of the malware. "We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques," the researchers said.

Milena Dimitrova
