Security researchers from Kaspersky have found that ASUS was unknowingly installing a malicious backdoor on its customers’ computers. Operation ShadowHammer is a newly discovered supply chain attack that leveraged the ASUS Live Update software. The malicious file passed as legitimate because it was signed with ASUS digital certificates. In other words, the automatic software update tool from ASUS was itself acting as a backdoor for the attackers.
Operation ShadowHammer compromised ASUS Live Update software
The extent of the compromise appears to be severe. According to estimates, half a million Windows machines have had the malicious backdoor installed via the ASUS update server. The malware identifies its intended victims by their MAC addresses. Once it finds a match, it locks on to the target and reaches out to a command-and-control server operated by the attackers, who then install additional malware on the machine.
Kaspersky Lab unearthed the attack back in January. The malware was caught after Kaspersky added a new supply-chain detection technology intended to catch anomalous code fragments hidden inside legitimate code. The company is also planning to release a full technical paper detailing the ASUS attack at the Security Analyst Summit next month in Singapore.
Vitaly Kamluk, Asia-Pacific director of Kaspersky, was quoted as follows:
“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware.”
He also pointed out that ASUS denied that its server had been compromised. However, the trail of malware samples leads back to the ASUS server, says vice.com.
ASUS is a multi-billion dollar company that deals in computers, smartphones, smart home systems, and laptops. The Moscow-based security firm added that ASUS had been pushing the backdoor to customers for the last five months.
We hope that companies like ASUS become more proactive about owning up to such incidents instead of brushing them under the carpet.