A new report reveals how “hundreds of thousands” of Asus computer owners have been affected by a backdoored software update tool distributed from the company’s own servers. The hackers were able to digitally sign the Asus Live Update tool with one of the company’s own code-signing certificates before sending it to Asus’ download servers. The servers hosted the compromised tool for several months in 2018, the report says.
Motherboard’s report adds that this tool was then used to push malicious updates to Asus computers, which come with the Live Update tool installed by default. TechCrunch has backed much of the report, as it found out about the attack from a source “with direct knowledge of the incident” some weeks ago.
The backdoored software was first discovered by Kaspersky, which estimates that over a million users might be affected by it. The backdoor was used by hackers to send the malicious payload to unsuspecting users’ computers through a command and control server. The certificates are still active and haven’t been revoked, so they remain a risk for users.
The report mentions the possibility that the hackers obtained the Asus certificates used to sign the malware through the company’s supply chain, which includes developers and vendors from across the globe. These partners develop software and supply components for the company’s devices. Such supply chain attacks can often be difficult to detect, as they begin with a company insider being targeted or the company being infiltrated directly.
Asus hasn’t reached out to its customers about this as yet and hasn’t commented on the story.