Half a Million ASUS Devices Were Infected with Backdoors, Says Kaspersky
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
Kaspersky introduced a new technology in its products that can detect supply-chain attacks by digging into the code and finding malicious activity.
Hackers modified the ASUS Live Update utility, which delivers BIOS, UEFI and software updates to ASUS laptops and desktops, added a backdoor to it, and then distributed it to users through the official channel.
The malware sent along with the updates was signed with a legitimate certificate and hosted on the official ASUS server dedicated to updates, which allowed it to stay undetected for a long time. The hackers made sure the malicious file was the same size as the original file.
Kaspersky believed that the malware was distributed to at least 1 million users. However, not all of those users were targeted: only 600 out of a million devices were. The hackers targeted only specific MAC addresses, whose hashes were hardcoded into different versions of the utility. The malware gives the hackers command-and-control access, letting them control the infected system as they wish.
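A defender-side check for the MAC targeting described above, as an added example that is not part of the original post or Kaspersky's own tooling: it hashes every MAC address in an asset inventory and reports the hosts whose hash appears in a published indicator list. The post does not name the hash function or input encoding, so MD5 over the six raw address bytes is an assumption, and the inventory, host names and indicator value are constructed.

```python
import hashlib
import re


def normalize_mac(text):
    """Return the 6 raw bytes of a MAC written as aa:bb:.., AA-BB-.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_digest(mac, algorithm="md5"):
    """Hex digest of the raw MAC bytes. The algorithm is an assumption, not from the post."""
    return hashlib.new(algorithm, normalize_mac(mac)).hexdigest()


def find_targeted(inventory, indicator_hashes, algorithm="md5"):
    """inventory maps hostname -> list of MAC strings; returns sorted (host, mac) matches."""
    wanted = {h.strip().lower() for h in indicator_hashes}
    hits = []
    for host, macs in sorted(inventory.items()):
        for mac in macs:
            try:
                digest = mac_digest(mac, algorithm)
            except ValueError:
                continue  # malformed inventory entry: skip it rather than abort the sweep
            if digest in wanted:
                hits.append((host, mac))
    return hits


# Constructed sample data: locally administered MACs and made-up host names.
SAMPLE_INVENTORY = {
    "lab-nb-01": ["02:00:5e:10:00:aa", "n/a"],
    "lab-nb-02": ["02-00-5E-10-00-01", "0200.5e10.00bb"],
}
# Constructed indicator: the digest of one sample MAC, upper-cased as a feed might ship it.
CONSTRUCTED_INDICATORS = [mac_digest("02:00:5e:10:00:01").upper()]

if __name__ == "__main__":
    for host, mac in find_targeted(SAMPLE_INVENTORY, CONSTRUCTED_INDICATORS):
        print(f"{host}: {mac} matches a targeted-MAC indicator")
```

A match means the host was on the attackers' target list, not merely that it received the backdoored update, so it should be prioritised for investigation.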
Kaspersky reported this to ASUS, and ASUS has now fully patched it. Most anti-virus products will also detect these kinds of attacks now. Still, it is preferable to update your ASUS systems again.