The ASUS System Control Interface V2 on my G14 is also an older version than what MyASUS lists as an available update, but that too isn't offered by Live Update. Yet the "Live Update" tab says my computer is up to date as is. Its version, however, is currently 2.7.13.0 while MyASUS is offering version 3.0.5. Armoury Crate is a Windows Store app and has no updates available there nor through the app itself. Take the Armoury Crate UWP app for instance.
The "Live Update" feature also doesn't install updates that MyASUS lists as available in the "Driver & Tools" tab. Kaspersky told our friends at TomsHardware that three other computer makers in Asia had also been "backdoored with very similar methods and techniques," but didn't name the companies. The MyASUS app has been recommended for updating the G14, but its updates are sometimes in conflict with what either the Armoury Crate or Windows Store say are the latest versions. They were trojanized, or malicious updates, and they were signed by Asus," said Liam O’Murchu, director of development for the Security Technology and Response group at Symantec. Asus may not be the only one affected by this attack.
"We saw the updates come down from the Live Update Asus server. That bumps the tally to 70,000, though the true number could be in the hundreds of thousands, or even millions, as Kaspersky surmises.
Symantec, makers of Norton software, told Motherboard that it found another 13,000 computers with the malicious software update utility. However, Kaspersky is not the only security outfit to trace the malware samples back to Asus. The company says one of the reasons it was able to go undetected all of this time is because the Trojanized updates were signed with legitimate security certificates from Asus, and were hosted on Asus's official update servers. Asus denied this when contacted by Kaspersky in January, telling the company that its servers were not compromised and that it had not hosted any malware. Kaspersky discovered the "sophisticated supply chain attack" in January of this year and found links to an attack from 2017.
Of course, there might be other samples out there with different MAC addresses in their list," Kaspersky added. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack.
"The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. "We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide," Kaspersky said. Dubbed "Operation Shadowhammer," the culprits may not have actually been targeting millions of users, but a comparatively select few. After Vice Motherboard ran a story on Kaspersky's findings, the security firm clarified a few details in a blog post, saying that over 57,000 users of its antivirus software have downloaded and installed the compromised version of Live Update at some point in time. It might not be as safe as we assumed, however. Using Live Update is a convenient way to stay updated, and until now, has been considered safe.
It comes preinstalled on many Asus-brand laptops and desktops, and is offered as a standalone download for the company's millions of motherboards. Live Update is a utility that allows Asus to push out driver, software, and firmware updates to PCs. By their nature, backdoors are vulnerabilities that attackers can exploit, if they know about them. In security parlance, a backdoor is a way for an administrator to gain access to a system or data through a generally undocumented means. Lest anyone need reminding of this, security firm Kaspersky dropped a bombshell on Monday, saying hackers were able to install backdoors on tens of thousands of PCs, and maybe even millions of systems, by pushing out firmware updates through Asus's own Live Update software. When it comes to PCs, true security is a myth. It's encouraging all users of Asus hardware to run it as a precaution. Finally, Asus released a security diagnostic tool to check if your system is affected.