
Own an Asus computer? Malware might be hiding in your system


If you own an Asus computer, your system might have been infected by malware distributed through the tool you typically use to update the BIOS and install other important security patches. That’s according to a new report from researchers at the Russia-based cybersecurity company Kaspersky Lab.

The hack was first discovered in January and, over a period of five months, could have impacted up to one million computers. According to Kaspersky, hackers apparently used a backdoor attack, modifying the ASUS Live Update Utility so that it delivered a malware payload while appearing to come from official sources.

The backdoor was given the name “ShadowHammer” and peaked between June and November 2018. Up to 57,000 people using Kaspersky software were impacted, though it is believed that only 600 specific computers were originally intended as targets. The hackers even went as far as ensuring that the files were signed with authentic digital certificates and that they were the same size as the ones distributed by Asus.

In response, Asus has released an online security diagnostic tool that helps check for affected systems. The company encourages users who are concerned to run it as a precaution. A fix in the latest version (3.6.8) of the Live Update software addresses the issue and introduces multiple security verification mechanisms and end-to-end encryption to prevent malicious manipulation in the form of security updates.

Asus has also updated and strengthened its server-to-end-user software architecture to prevent similar attacks from happening in the future.

“Asus Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” said Asus in a statement.

Other than Kaspersky Lab, Symantec, a cybersecurity firm based in the United States, also confirmed the discovery of the ShadowHammer malware. According to a report from Motherboard, up to 13,000 computers running Symantec software were impacted.

This type of supply-chain attack is not necessarily new. Back in 2017, the popular CCleaner system maintenance application was found to have distributed malware to millions of computers through its official channels. That was eventually patched, but not before the attacks went on for a period of 22 days. These attacks are also designed to reduce trust in legitimate sources and institutions.

Updated on March 27 with a statement from Asus and additional information on the online security diagnostic tool.

Arif Bacchus