Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers


Bipin Gautam

Mar 29, 2019, 11:58:10 AM
to Nepali computer security and hacking community
Comment: this is the reason software companies need to build a 'turn off'
feature ... for auto-update, for security and privacy reasons!

Mobile platforms like Android and iOS ... are 100 times more terrible
compared to desktop OSes like Windows or OSS distros.

...
Hackers Hijacked ASUS Software Updates to Install Backdoors on
Thousands of Computers

The Taiwan-based tech giant ASUS is believed to have pushed the
malware to hundreds of thousands of customers through its trusted
automatic software update tool after attackers compromised the
company’s server and used it to push the malware to machines.

Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of
the world’s largest computer makers, was used to unwittingly install a
malicious backdoor on thousands of its customers’ computers last year
after attackers compromised a server for the company’s live software
update tool. The malicious file was signed with legitimate ASUS
digital certificates to make it appear to be an authentic software
update from the company, Kaspersky Lab says.

ASUS, a multi-billion dollar computer hardware company based in
Taiwan that manufactures desktop computers, laptops, mobile phones,
smart home systems, and other electronics, was pushing the backdoor to
customers for at least five months last year before it was discovered,
according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received
the malicious backdoor through the ASUS update server, although the
attackers appear to have been targeting only about 600 of those
systems. The malware searched for targeted systems through their
unique MAC addresses. Once on a system, if it found one of these
targeted addresses, the malware reached out to a command-and-control
server the attackers operated, which then installed additional malware
on those machines.

Kaspersky Lab said it uncovered the attack in January after adding
a new supply-chain detection technology to its scanning tool to catch
anomalous code fragments hidden in legitimate code or catch code that
is hijacking normal operations on a machine. The company plans to
release a full technical paper and presentation about the ASUS attack,
which it has dubbed ShadowHammer, next month at its Security Analyst
Summit in Singapore. In the meantime, Kaspersky has published some of
the technical details on its website...

[...]


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers