Yesterday, researchers at Kaspersky Labs revealed that the ASUS Live Update tool had been infected by hackers. The initial backdoor malware was planted some time in late 2018 and remained undetected for several months as it targeted a very specific group of computers.
The ASUS Live Update tool is used by many PCs around the world. However, in this case, the attackers were not targeting consumers. This was what is known as an ‘Advanced Persistent Threat’ (APT) attack, which targeted specific organisations and entities. Whoever was behind the attack used stolen digital certificates to sign tampered versions of the Live Update tool. According to the Kaspersky Labs report, this malicious code would then target specific MAC addresses: if someone had an infected version of the tool on a system with a MAC address match, then more malicious code would be downloaded. If an infected version of the tool was present on a non-targeted system, then nothing further would happen.
This attack was designed to remain hidden for as long as possible. Since the attack targeted a small number of key systems, it remained unnoticed for several months. At this time, we don't know which group (or country) initiated the attack or the exact motive behind it. However, there are a number of possibilities at play, including corporate espionage, an issue that has been creeping up time and again for US and Taiwan-based tech companies in the last couple of years.
In a response email sent to KitGuru, ASUS has confirmed that it did suffer from an APT attack and confirmed that a “small number of devices have been implanted with malicious code”. This was achieved “through a sophisticated attack on Live Update servers in an attempt to target a very small and specific user group”.
ASUS customer service has been reaching out directly to those affected and is providing assistance in removing any lingering security risks. A fixed version of the Live Update tool has also gone live, so if you are worried about your PC specifically, then you will want to download version 3.6.8 from the ASUS website.
Aside from patching the software, ASUS has also “implemented an enhanced end-to-end encryption mechanism” and “strengthened server-to-end user software architecture” to prevent similar attacks in the future.
Users who are concerned about their PC being infected can run ASUS's security diagnostic tool to double check.
KitGuru Says: While this isn't an attack that targeted consumers directly, if you have the ASUS Live Update tool installed, be sure to update to the latest version to be safe.