Kaspersky Lab antivirus specialists reported that the Asus Live Update utility, which updates the BIOS, UEFI and system software on Asus laptops and computers, was compromised. The attackers planted a backdoor in it and distributed the program from the Taiwanese manufacturer's servers. It was nevertheless signed with the manufacturer's certificate. To date, Kaspersky Lab has reported the issue to Asus and other companies. Details of the compromise will be made public at the upcoming Security Analyst Summit (SAS) conference in early April.
Apparently, the attackers intended to selectively target specific Asus customers. The malware contained a table listing 600 computer systems, which were to be identified by their MAC addresses. As soon as a victim's computer was infected, additional malicious programs were loaded onto it. If the system was not on the list of targets, the malware showed no activity. Similar methods were used to infect software from three more manufacturers. The attack was named ShadowHammer.
Apparently, Asus did not notify its customers about the compromise of its proprietary utility and took no action to stop the malware. Moreover, the company initially denied that the utility was distributed from its servers, and then stopped commenting altogether. Kaspersky Lab estimates that more than 57 thousand of its users have installed the backdoored Asus Live Update, but the total number of infected computers may be over a million worldwide.