Yesterday, Motherboard revealed that Taiwanese computer hardware company ASUS was used to install backdoors on thousands of its customers’ computers, according to researchers from cybersecurity firm Kaspersky Lab. ASUS confirmed Motherboard's reporting in a press release published Tuesday morning.
According to the press release, ASUS Live Update—a software update tool for ASUS devices—had been targeted by Advanced Persistent Threat (APT) attacks. An APT, or Advanced Persistent Threat, is an infosec industry term for government hackers or, more rarely, highly organized criminal groups.
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” the ASUS press release states. “ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”
Kaspersky Lab claimed they found the malware, which it dubbed ShadowHammer, on 57,000 computers. However, the company estimates that many more devices may have been compromised.
The ASUS press release states the backdoor was fixed in the latest version of its Live Update software. ASUS also said that it’s introduced end-to-end encryption, and more security verification tools for customers. Additionally, ASUS also created a tool which it claims will determine whether a customer’s system was affected.
According to Motherboard’s reporting, the software with the backdoor was being pushed to Windows machines for at least five months in 2018. The backdoor was discovered by Kaspersky Lab in January 2019, and they estimate that 600 of those ASUS customers were targeted through the backdoor.
Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.