Half a Million ASUS Devices Were Infected with Backdoors, Says Kaspersky


The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.

Kaspersky introduced a new technology in its products that is capable of detecting supply-chain attacks by digging into the code and finding malicious activity.
Hackers modified the ASUS Live Update utility, which delivers BIOS, UEFI and software updates to ASUS laptops and desktops, added a backdoor to it, and then distributed it to users through the official channel.

The malware sent along with the updates was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, which allowed it to stay undetected for a long time. The hackers also made sure the malicious file was the same size as the original file.

Kaspersky believed that the malware was distributed to at least 1 million users. However, not all of those users were targeted: only 600 out of a million devices were. The hackers targeted only specific MAC addresses, whose hashes were hardcoded into different versions of the utility. The malware provides a command-and-control channel through which the hackers can control the infected system as they wish.
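Because the targets were selected by hashed MAC address, a defender who has a published list of those hashes can check an asset inventory against it. The sketch below is an added example, not code from Kaspersky or ASUS. The article does not name the hash algorithm, so MD5 over the six raw address bytes is an assumption, and every address and indicator here is constructed.

```python
import hashlib
import re


def normalize_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-', '.' or no
    separators, or None if the string is not a well-formed MAC."""
    hexdigits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        return None
    return bytes.fromhex(hexdigits)


def mac_digest(mac_bytes, algorithm="md5"):
    """Hash the raw address bytes. The algorithm is an assumption (see
    lead-in); pass another hashlib name if the indicator list differs."""
    return hashlib.new(algorithm, mac_bytes).hexdigest()


def find_targeted(inventory, indicator_hashes, algorithm="md5"):
    """Return (hits, skipped): inventory entries whose hash is on the
    indicator list, and entries that could not be parsed as a MAC."""
    indicators = {h.strip().lower() for h in indicator_hashes}
    hits, skipped = [], []
    for entry in inventory:
        raw = normalize_mac(entry)
        if raw is None:
            skipped.append(entry)  # report these, do not silently drop them
        elif mac_digest(raw, algorithm) in indicators:
            hits.append(entry)
    return hits, skipped


# Constructed sample data: locally administered addresses, not real indicators.
SAMPLE_TARGETS = ["02:00:00:AA:BB:01", "02-00-00-aa-bb-02"]
SAMPLE_INDICATORS = [mac_digest(normalize_mac(m)) for m in SAMPLE_TARGETS]
SAMPLE_INVENTORY = [
    "0200.00aa.bb01",      # same address as the first target, different notation
    "02:00:00:aa:bb:99",   # not on the list
    "not-a-mac",           # malformed inventory entry
    "02:00:00:AA:BB:02",
]

if __name__ == "__main__":
    hits, skipped = find_targeted(SAMPLE_INVENTORY, SAMPLE_INDICATORS)
    print("targeted:", hits)
    print("unparsed:", skipped)
```

Normalizing before hashing matters because inventory exports write the same address in several notations, and a string-level hash would miss them.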

Kaspersky reported this to ASUS, and ASUS has now fully patched it. Most anti-virus products will also detect these kinds of attacks now, but it is still preferable to re-update your ASUS systems.


