ASUS software updates hijacked to install “ShadowHammer” backdoor into systems

Back in January, Kaspersky discovered a “sophisticated supply chain attack involving the ASUS Live Update Utility”, allowing a backdoored version of ASUS Live Update to be released and installed on over 57,000 PCs. 

At this time, ASUS has not released an official statement on the matter, with Kaspersky claiming that scale of the problem could extend to over 1 million PC. Right now, ASUS is one of the world’s largest PC manufacturers, acting as the 5th largest PC vendor as of 2017. In addition to this, ASUS also commands a dominating market share of the PC components market. 

ASUS’ Live Update software can update the drivers, BIOS, UEFI and selected system applications, making it possible for compromised versions of the application to compromise systems further. Kaspersky has dubbed this exploit “ShadowHammer”. 

It is believed that ASUS’ update utility was first attacked between June and November 2018, with the change going unnoticed until January 2019. This was due to the compromised software’s use of legitimate ASUS certificates, and the fact that the malicious updates were hosted on official servers. 

Kaspersky plans to release a full paper on the ASUS attack in April, during the company’s Security Analyst Summit in Singapore. ASUS was first contacted by Kaspersky about the attack on January 31st 2019, and since then Kaspersky has supported their investigation into the malware.