ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer.
ASUS announced that it has released a fix for the Live Update utility, which was exploited by the threat actors behind Operation ShadowHammer to deliver malware to hundreds of users.
Operation ShadowHammer took place between June and November 2018, but experts from Kaspersky Lab discovered it in January 2019.
Over 1 million ASUS users may have been impacted by a supply chain attack that leveraged the ASUS Live Update utility to inject a backdoor in ASUS systems.
Discovered by Kaspersky in January 2019, Operation ShadowHammer took place between June and November 2018 and leveraged the proprietary tool that comes pre-installed on ASUS notebooks. The attack remained hidden because the actors used a stolen certificate to sign the compromised software.
Experts pointed out that Operation ShadowHammer was a targeted attack that surgically hit only 600 specific MAC addresses, but Kaspersky couldn’t determine the exact number of users who installed the tainted utility.
After Kaspersky disclosed the supply chain attack, ASUS confirmed that a backdoor was delivered through a tainted version of its utility.
ASUS has provided support to the victims to help them remove the threat.
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” ASUS said in an emailed statement.
ASUS fixed the Live Update utility with the release of version 3.6.8. The vendor implemented “multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means.”
It also implemented an enhanced end-to-end encryption mechanism and improved security of server-to-end-user communication.
The vendor also developed an online security diagnostic tool that allows users to check whether their computers have been impacted.
“We encourage users who are still concerned to run it as a precaution,” ASUS says.
Source : https://securityaffairs.co/wordpress/82997/hacking/asus-operation-shadowhammer.html