Kaspersky Lab researchers disclose that the Asus Live Update tool was exploited, enabling attackers to deploy malware on end-user systems.
Computer hardware vendor Asus publicly confirmed on March 26, that it was the victim of a breach where attackers were able to gain access to the company’s update servers.
With access to Asus’ servers, the attackers took aim at the Asus Live Update tool which is used to deliver driver and firmware updates. The attackers injected trojan code into the Asus Live Update tool and were able to deploy malware to what the company characterized as a small number of users. The updates appeared to be authentic to end users, as they were signed with legitimate Asus digital certificates.
« A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group, » Asus wrote in a media advisory. « ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed. »
The breach of the Asus Live Update service and the corresponding attack against users was uncovered by security firm Kaspersky Lab and publicly disclosed on March 25. Kaspersky Lab has named the attack « Operation ShadowHammer » and first discovered the issued in January 2019.
