Asus has admitted that its servers were compromised by hackers, which led to a rollout of malware in one of their Asus Live Update tool last year. However, the company claimed that the malware affected only a small number of customers.
The company now says that it has a fix in the form of an update in the latest version (ver. 3.6.8) of the Live Update software, and encourages the users concerned to run it as a precaution, Asus said in a statement.
The company said that its customer service team has been reaching out to the affected users and providing assistance to ensure that the security risks are removed.
A couple of days ago, Kaspersky Labs was quoted as saying in a Motherboard report that a sophisticated attack last year may have infected around half-a-million users of its devices last year. The issue came to light only in January this year, about five months after the software update released.
The Kaspersky Labs report had pointed out that the hackers had only targeted 600 systems, which were searched for on the basis of their unique MAC addresses.
Kaspersky had added that the malware was found in over 57,000 systems of their customers till date. To carry out the attack, hackers used two different ASUS digital certificates for signing their malware. The second certificate was used after the first expired in mid-2018.
Symantec also confirmed to Motherboard that at least 13,000 computers of its customers were affected by the malicious software update from Asus last year. The company is still investigating the actual number of computers that have been affected.
The attack is dubbed as a supply-chain attack where a malware gets installed systems through trusted vendor channels.