ASUS releases fix after ShadowHammer malware attack

By on
ASUS releases fix after ShadowHammer malware attack

But some users unable to update to non-backdoored software.

Taiwanese IT manufacturer ASUS is downplaying the supply chain attack on its Live Update servers that saw users' computers infected with the ShadowHammer malware for several months, saying only a few customers were affected.

The company said in a statement that "a small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group."

ASUS said the attack was done by an advanced persistent threat (APT) group but it did not name the entity, or which country it originated from.

Nor did the company identify the targeted user group.

Security vendor Kaspersky said over a million systems had been sent the compromised Live Update tool, with attackers using two valid ASUS digital certificates to authenticate the software.

Kaspersky was not credited by ASUS for discovering the malware infestation and reporting it to the Taiwanese vendor.

Security vendor Avira said it had seen more than 438,000 executions of the initial installer by ASUS customers.

The compromised installer would check a list of 600 media access control (MAC) identifiers that are hard coded into the network interfaces on computers.

If the MAC identifier was found on the list, the malware would fetch a second file containing malicious backdoor code, Avira said.

Avira added that updates to the malicious binary expanded the list of MAC identifiers, a tactic the security vendor believes allowed attackers to target systems on an as-needed basis rather than widely distribute or make money out of the malware.

A fixed version 3.6.8 of Live Update has been released by ASUS, and the company claims the new software has "multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means."

ASUS also said it had added an end-to-end encryption mechanism to the fixed version of Live Update, and that it had updated and strengthened its server-to-end-user software architecture, but provided no further technical details on this.

An online security diagnostics tool has also been made available to check for ShadowHammer infections and ASUS is encouraging concerned users to run it as a precaution.

Users meanwhile are reporting that they are unable to get the fixed Live Update version 3.6.8.

ASUS advised that if Live Update cannot get the latest fixed version, users should download it from the company's official website and install it manually.

It did not provide a link to the file however, and while iTnews tried to locate the fixed version of Live Update, ASUS took down its support website for "service enhancements".

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?