Hackers used Asus software update to inject malware into millions of PCs: Kasperskyhttps://indianexpress.com/article/technology/tech-news-technology/around-half-a-million-asus-branded-pcs-have-been-compromised-by-a-malware-attack-motherboard-5642342/

Hackers used Asus software update to inject malware into millions of PCs: Kaspersky

Asus unwittingly pushed out malware through its official updates to around half a million computers last year after hackers compromised the company's servers.

Asus, Kaspersky, Symantec, Asus PCs, Asus malware, Asus update tool, Asus update tool malware, Asus malware attack, Asus hack
Kaspersky stated that they first detected the malware on a customer’s machine on January 29. (Image of Asus Zenbook 13 for representation)

Taiwan’s hardware company Asus unwittingly pushed out malware through its official updates to around half a million computers last year after hackers compromised the company’s servers, cybersecurity firm Kaspersky Lab reported (via Motherboard). The issue came to light in January this year, about five months after the update the software update release.

However, the report points out that the hackers only targeted 600 systems, which were searched for by their unique MAC addresses. The attack, dubbed at supply-chain attack where malware gets installed systems through trusted vendor channels. US-based security firm Symantec also confirmed the incident.

“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware,” said Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team who led the research told Motherboard.

Symantec confirmed to Motherboard, that at least 13,000 computers of its customers were affected by the malicious software update from Asus last year. The company is still investigating the actual number of its computers that have been affected.

Advertising

Also Read: Asus Zenfone Max Pro M1, Max Pro M2 and Max M2 to get Android Pie update by April 15

Kaspersky added that the malware has been found in over 57,000 computers of their customers till date. To carry out the attack, hackers used two different ASUS digital certificates for signing their malware. The second certificate was used after the first expired in mid-2018.