Asus Live Update Driver
Hackers compromised Asus's Live Update tool to distribute malware to almost 1 million people. Here's how to see if your computer has it. ASUS Live Update is an online update driver. It can detect when there is a new version of the program available from the ASUS Website and will automatically update your BIOS, Drivers, and/or Applications. The Biostar BIOS online update utility allows you to download the latest BIOS. While Kaspersky has only been able to count the total numbers of users infected by the trojanized ASUS Live Update who were also running.
But according to Asus, the company has updated its security to protect against future attacks. What the hackers were after also remains unknown.
ShadowHammer: Malicious updates for ASUS laptops
Interestingly, the mysterious culprits managed to somehow learn their victims' MAC addresses, which suggests they had performed recon on their targets in a previous wave of attacks. Kaspersky will release a technical paper about the whole incident next month.
Kaspersky says that just MAC addresses appear to have been of interest to the criminals behind the Asus Live Update hack. But the company found that over 57, users of its security software had the backdoored version of the ASUS utility installed, leading to the extrapolation that around a million people may have been affected in total.
They were even hosted on Asus servers. The target, Kaspersky said, was the supply chain, a network of companies supplying parts to a particular product.
Operation ShadowHammer APT targeted ASUS Live Update Utility
It could involve any number of manufacturing partners. Since ASUS is the 5th largest PC vendor in the world according to a Gartner count by sales, this so-called ShadowHammer malware is a remarkably dangerous one.
The breach bore many similarities to previous supply chain attacks targeting CCleaner (the incident linked above) and the ShadowPad attack which impacted NetSarang. Most users affected were in Russia, Germany, and France.
ShadowHammer Victim Distribution by Country.
After Vice Motherboard ran a story on Kaspersky's findings, the security firm clarified a few details in a blog post, saying that over 57, users of its antivirus software have downloaded and installed the compromised version of Live Update at some point in time.
In the attack, dubbed "Operation ShadowHammer," the culprits may not have actually been targeting millions of users, but a comparatively select few. "We were able to extract more unique MAC addresses from over samples used in this attack.
Of course, there might be other samples out there with different MAC addresses in their list," Kaspersky added. Otherwise, the infiltrated updater showed no network activity. Therefore, the infection of the utility remained undetected for so long. These were addressed by over unique backdoor modules, each with a different shellcode.
The modular approach and the additional precautions taken in executing the backdoor code show that it was very important for the actors behind this challenging attack to remain undetected. At the same time, the actors used some very specific approaches to hit the targets with surgical precision. An in-depth technical analysis shows that the attackers' arsenal is very advanced and reflects a very high level of development within the group.