ASUS computer owners need to be alert to the ShadowHammer malware hitting millions of computers. The malware is downloaded directly to the computers from the maker's own servers, disguised as updates.
A hacker has modified the ASUS Live Update Utility, which delivers software updates to ASUS laptops and desktops. The hacker added a back door to the utility and then distributed the malware to owners through official ASUS channels.
The malware was signed with a legitimate certificate and hosted on the official ASUS servers used for updates and, according to reports, went undetected for an unknown period of time. The clever hackers even made sure the file size of the malicious file stayed the same as that of the original one.
According to Kaspersky Lab estimates, the malware was distributed to about 1 million people in total. While investigating the attack, Kaspersky also discovered that the same techniques targeted software from three other unnamed vendors. Kaspersky has notified ASUS and other companies about the attack. Kaspersky Lab suggests that ASUS computer owners update the ASUS Live Update Utility if they use it.
Even though the malware was distributed widely, it is believed that the hackers are actually targeting only a limited number of computers, selected by MAC address. LifeHacker.com has an article with instructions on checking whether your MAC address is a target. Kaspersky also offers this website to check your MAC address.
ASUS has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. The computer maker has promised “multiple security verification mechanisms” to reduce the chances of further attacks. According to ASUS, it has started using an “enhanced end-to-end encryption mechanism.” ASUS also stated that it has upgraded its behind-the-scenes server system to prevent future attacks.