Kaspersky Lab says that thousands of Asus computers have been infected by malware via the company's own Live Update Utility tool, as hackers compromised the software and inserted a backdoor.
Dubbed "ShadowHammer," it's a supply-chain attack in that it takes advantage of a vendor's official channel to distribute malicious software. It occurred between June and November and was detected in January.
Asus Malware
As first reported by Motherboard, the hackers managed to get malware signed with a legitimate certificate and thus made it appear authentic and secure.
According to Kaspersky Lab, it managed to spot the attack thanks to its new technology that's capable of detecting supply-chain attacks.
The security company confirms that over 57,000 of its users are affected, but it estimates that the malware was distributed to almost 1 million in total. It also notes that the attackers were specifically targeting 600 MAC addresses.
How To Check If Your Computer Is Affected
To let users check whether or not their Asus-branded computers are infected with ShadowHammer, Kaspersky Lab made a page that asks for a user's MAC address to verify if their machines were part of the hackers' scope of attack.
The company included detailed instructions on what to do, but just to sum it all up, all users have to do are to go to Command Prompt (click on Start and type "command prompt" or "cmd") and type "ipconfig /all" in the console. Now users should look for the Physical Address with six hexadecimal numbers, which are their devices' MAC addresses, and paste them on the online tool one at a time. Entries labeled with "Media disconnected" can be safely ignored.
Also, Kaspersky Lab still recommends keeping Asus Live Update Utility up to date for those who are using it.
Another supply-chain attack that took place not too long ago was the CCleaner incident. It happened in June 2017 and affected about 2.3 million users, but Kaspersky Lab says the Asus malware attack this time around is bigger. An incident of this scale is also reminiscent of the notPetya attack that occurred in May 2017.
