
Malware Distributed Via ASUS LiveUpdate

Source: HardwareZone, ASUS, Kaspersky, Motherboard

Installed on most ASUS computers is ASUS LiveUpdate. If you don't know the purpose of the app, here's a quote:

Quote

ASUS Live Update is an online update driver. It can detect whether there are any new versions of the programs released on the ASUS Website and then automatically updates your BIOS, Drivers, and Applications.

However, hackers used this app to distribute malware last year, between June and November, and nearly a million ASUS computers were infected by this malicious malware.

Quote

This sophisticated supply chain attack, Operation ShadowHammer, took place between June and November 2018

Quote

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.

Detection took quite long because the hackers used a legitimate security certificate for their backdoored app. Below is a screencap (courtesy of HWZ) showing the digital signature.

190322-shadowhammer-1-800W.png

The intentions of the hackers are unknown, but they were targeting specific users, and can be traced via their MAC address.

Quote

The exact intentions of the hackers weren’t revealed by Kaspersky’s report; however, the researchers stated this attack was highly sophisticated and it targeted specific users, whose identities are unknown except for the extracted MAC address of their network adapters.

Here's the trojan name, if detected by your anti-virus scanners:

Quote

HEUR:Trojan.Win32.ShadowHammer.gen

 

Since the majority* are using ASUS products and are using this app to obtain updates in one go, I suggest that you remove the app temporarily until it's resolved.

In my own opinion, I never use these 'Live Updates' apps, be it ASUS, Gigabyte or MSI. I usually use the existing drivers that came with it, download the latest via network and update them; at least there's a rollback point.

The app's installed base is likely OEM computers and/or people like us who are too lazy to download drivers one by one and have turned to automation.

* - I mean, every YTber is sponsored by and recommending ASUS, so I assumed that the viewers pick ASUS as their brand.


-= Locked =-

 

As mentioned, this has been previously posted.

 

This topic is now closed to further replies.
