exile360

More bad news for ASUS users...ASUS software hacked AGAIN


According to a Kaspersky Labs report, ASUS has yet again been the target of malicious hackers who have successfully distributed a backdoor (translation: the worst possible kind of infection you can have because it gives bad guys complete access to EVERYTHING in your system) through the bundled ASUS software updating application that ships on all ASUS PCs.  This isn't the first time ASUS has been in the spotlight for having their bundleware hijacked, but hopefully it will be the last.  Clearly something is rotten at ASUS in their security division, at least in my opinion, as their updater software was using plain unencrypted HTTP communication to perform updates rather than the much more secure encrypted HTTPS protocol.  This flaw enabled hackers to hijack connections and distribute malware to ASUS PCs thus infecting unsuspecting users with their malicious backdoor software.

In this day and age of countless data breaches, security vulnerabilities in both hardware and software, ever-worsening privacy issues where even 'legitimate' companies are harvesting customer data at an alarming rate (and oftentimes even selling or giving that data to third parties), things like this just pile on top to illustrate the need for a major overhaul to the way in which web security and data are handled.

You can learn more about this incident at the Kaspersky Labs blog below:

https://www.kaspersky.com/blog/shadow-hammer-teaser/26149/

Much like the CCleaner hijack some time ago, the perpetrators were targeting specific devices with this malware, with a combined list of about 600 specific systems that they were seeking out based on hardcoded MAC addresses embedded in various versions of the malware they were distributing.  Kaspersky estimates that approximately 1 million devices in total were infected.

Whoever the targets were/are, I hope that they have or are seeking good APT protection because they need it as obviously someone has them in their sights.


Just peachy. Thanks for posting this :)


Wasn't this already reported by Pondus back in March?

 

Edited by nukecad


Yep, it looks like he did.  For some reason I had it in my head that this was a new attack (hence the reason I said 'yet again' above in my initial posting).


I've done similar before myself.


Yeah, if I recall correctly I think the original article where I discovered it had the date and for whatever reason I thought it was 'May' instead of 'March' which is why I thought it was a more recent story/event, and I hadn't realized that the original event from March had been discovered by Kaspersky so I thought all the details were different and that it was just yet another hijacking of ASUS' updater module (and based on the details and history of other security problems at ASUS it didn't seem to be outside the realm of possibility that their updater would have gotten hijacked yet again).  I guess I should have paid closer attention.


At least it did have a date on it.

With some articles it's hard to tell when they were written.


Yeah, I hate it when they don't include the date an article was written.  It's so annoying when trying to do research not to be able to determine an accurate timeline.

