Just yesterday, we came across a Kaspersky report which highlighted a new ShadowHammer malware, which hackers managed to masquerade as a security update, and affected over 57,000 Asus computers. The attack took place between June and November 2018. Asus, the Taiwan-based company was quick enough to roll out a fix in the form of an actual security update.
You can download the security patch using the Live Update software tool from Asus. Additionally, the company also has a second “security diagnostic” tool which you can use to scan your computer and see if it has been affected or not. “[W]e encourage users who are still concerned to run it as a precaution,” Asus said in a press release.
Watch: Vivo V15 Pro First Look
Considering the fact that malware was passed using a software update tool, you would expect an apology from the company. However, Asus downplayed it by stating “Only a very small number of specific user group were found to have been targeted.” And while Asus quickly releasing a fix is reassuring, it also raises some other questions, mainly as to why the systems weren’t locked down in the first place.
The company further mentioned that it has taken adequate steps to ensure such a trojan horse does not emerge again. It now has “multiple security verification mechanisms to prevent any malicious manipulation” and “an enhanced end-to-end encryption mechanism,” Asus said.
“At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” Asus added.