Hackers have targeted over a million ASUS devices by compromising system updates to install malicious backdoor software on Windows computers, according to a blog post by cybersecurity firm Kaspersky Lab.
The attack, which Kaspersky Lab has named “ShadowHammer”, is of a kind often associated with espionage attacks by nation states, most notably Stuxnet, which spread widely but caused minimal damage on most infected computers.
Hackers were able to infiltrate ASUS’ update services, which are used to distribute BIOS, UEFI, and software updates to ASUS laptops and desktops, and modify the ASUS Live Update Utility to deliver a trojanised payload.
Kaspersky believes that more than 57,000 users of Kaspersky Lab’s products have installed the backdoored utility but estimates that it was distributed to around 1m people in total.
The trojanised utility was signed with a legitimate ASUS certificate and was hosted on the official ASUS server, which is why it was able to remain undetected for such a long time. The hackers even made sure that the size of the trojanised file matched that of the original.
Although the hackers put so much effort into backdooring the software, it’s not clear what they were after. However, they specifically targeted a pool of 600 computers identified by their MAC addresses.
While investigating the attack, researchers found out that identical techniques were used against software from three other vendors.
Kaspersky said that they’ve notified ASUS and other companies about the attack, and the investigation is still ongoing.
Kaspersky also suggests that ASUS users update the ASUS Live Update Utility.