Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Asus unknowingly dropped a malicious software update for its computers: Kaspersky

26 March 2019 4

Moscow based cyber-security firm Kaspersky Lab has revealed that hackers were able to hack one of the servers of Taiwanese technology company Asus. As a result of this hack, Asus unknowingly pushed out malware to over a million users worldwide.

Kaspersky labs have reported that more than 57,000 people had installed the malicious software on their computers after hackers attacked the server which hosts the live software update tool. This attack which took place between June and November last year was used to deliver a software update with a ‘backdoor’ that would give hackers access to thousands of computers.

“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide. The trojanised utility was signed with a legitimate certificate and was hosted on the official Asus server dedicated to updates, and that allowed it to stay undetected for a long time," Kaspersky said in a blog post.

This attack shows how hackers are able to maximize the impact by targeting large technology companies and their suppliers to reach a large number of users. Kaspersky calls this method as “ShadowHammer” and has already added a supply-chain detection technology to its scanning tool. Another research company, Researchers at another cyber-security firm Symantec were also able to identify the attack against Asus users.

Kaspersky said it had already informed Asus about the attack in January and has been assisting the company in its investigation. Asus, on the other hand, issued a statement saying that it has already updated its software to "prevent any malicious manipulation in the form of software updates or other means. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed."



Asus unknowingly dropped a malicious software update for its computers: Kaspersky
Write a comment...

There are checks before the actual update is sent out, right? Checking to see if what they are sending out is what's expected to be sent out. And still this went through?


OnePlus 8 series launch event happening on April 14


Huawei P40 series unveiled with 5G, penta cameras, and more


Samsung Galaxy Fold Android 10 update now available


Computex 2020 is rescheduled to September due to COVID-19 outbreak