Hackers reportedly managed to compromise thousands of Asus computers via the company’s own software update tool. The hackers leveraged the tool to push malware to the machines, as per security researchers. The attack took place between June and November in the year 2018. “We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” Kaspersky said in a blog post.
The security researchers are calling the attack as ShadowHammer. Furthermore, before pushing the malware to Asus’ servers, the hackers digitally signed the Live Update tool of the company with its code-signing certificates. “The malicious updates were pushed to Asus computers, which has the software installed by default,” TechCrunch reports. Asus, which is one of the top consumer notebook vendors, is yet to comment on this issue.
“The selected vendors are extremely attractive targets for APT [advanced persistent threat] groups that might want to take advantage of their vast customer base,” Vitaly Kamluk, director of Kaspersky Lab’s Global Research and Analysis Team said. The cybersecurity firm also claimed that more than 57,000 of Asus users downloaded and installed the infected software update. Furthermore, Kaspersky asserted that it has already reported about this issue to Asus in January. The cited source stated that “the goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters MAC addresses.”
Watch: Asus Zenfone 5Z First Look
Besides, Asus is expected to launch its next flagship in the month of May. The upcoming ZenFone 6 will be a successor to the Asus ZenFone 5Z, which launched back in 2018. The company has even teased the launch of the device, which is expected to make its debut on May 16 in Spain. The forthcoming flagship is expected to offer Qualcomm s leading Snapdragon 855 chipset as the current flagship packs the Snapdragon 845 SoC.