Sabrent's firmware update infected with malware

Firmware updates for several of Sabrent's USB Hubs that were available on Sabrent's website have been discovered to include malware. The file RHC.exe in the .rar downloaded from the firmware update page contained a RAT (Remote Access Trojan). It's believed to have been introduced somewhere in the supply chain from the manufacturers of Sabrent's USB hubs. As this is believed to be a supply chain attack, it is possible that this may also affect other brands who have used the same manufacturers or suppliers.

 

ThioJoe has posted a video about it and seems to be the first to pick it up

 

 

 

The date for the firmware update shows August 2023 and it appears people have reported malware in the firmware update as far back as 6 months ago, judging by this Tom's Hardware post in December 2023 reporting the firmware updater was detected as malware by their antivirus. It was posted on SomeOrdinaryGamers Reddit by u/andrewtjb a few weeks ago, which was seen by Sabrent, who removed the file, though it seems it affected more files and was for some reason reuploaded to Sabrent's website after it had been removed. Sabrent has since removed all of the infected download files from their website.

 

 

Sabrent's representative via Reddit:

Quote

We're now aware of this. I'm not sure why it hasn't been taken down yet, but I am pursuing it now.

Edit: since this thread is getting much more attention now after the video, and this was the original top reply, I will quickly provide updated information as I understand it as the Reddit face of the company.

The investigation is two-fold: how did the file(s) get there and where did it come from. For the former, we had taken down the files but it seems a cloud backup had replaced them temporarily. We removed them again almost immediately and can fix that. To prevent new issues, the way downloads are handled will be audited with additional checks.

For the latter, we had already investigated the chain of custody for the update internally and found it was not from us, but from the supply chain. Currently we want to investigate and locate the specific source as this could impact other manufacturers who use similar hardware.

Original hubs at launch in some cases required the update, but new ones should not require it.

https://www.reddit.com/r/SomeOrdinaryGmrs/comments/1c3uvop/comment/kzkwcm3/

Quote

In my investigation it does appear the factory ensured the file was safe on multiple occasions. However, we have taken the original offending file down as of a few days ago when I saw this thread. I will now make sure all instances are removed immediately based on what I see listed in a new video, thank you.
https://www.reddit.com/r/SomeOrdinaryGmrs/comments/1c3uvop/comment/l32f30h/

 

Quote

We suspect it's from one of the USB-related suppliers rather than where our device is made, but I don't want to assert anything until we investigate more thoroughly. It does look like a supply chain attack.

It was an update for USB chips that chain in products, so more than just the 7-port, but we were aware of this. It seems a cloud backup may have reuploaded the files and unfortunately that happened around the time of the video. I saw the video and confirmed them re-deleted very rapidly after.

It is a shame in part because many of our components are used by multiple manufacturers/companies and we want to ensure this doesn't become a trend in the industry. Some changes will have to be made with less assumption of trust, either way.

https://www.reddit.com/r/SomeOrdinaryGmrs/comments/1c3uvop/comment/l334835/

 

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450


Genuine question. Why does something like a USB hub need firmware updates? I buy one, plug it in, and use it. Never once do I think about firmware or even drivers.


1 hour ago, TempestCatto said:

Genuine question. Why does something like a USB hub need firmware updates? I buy one, plug it in, and use it. Never once do I think about firmware or even drivers.

Seems like there were issues reported with Sabrent's USB Hubs where some USB ports didn't work properly, which was supposedly fixed by updating the firmware.

 

If this is a supply chain attack, I wonder if the firmware in the units the manufacturers/suppliers shipped was intentionally sabotaged to necessitate users to download the infected firmware update tool to fix the hubs. 🤔

 

https://superuser.com/questions/1829598/sabrent-7-port-usb-powered-hub-somehow-doesn-t-have-enough-power
