Hackers hijacked update server to install backdoors on ASUS machines

The attackers distributed the malware to more than half a million computers.

For nearly half a year, computer maker ASUS was unwittingly pushing malware that gave hackers backdoor access to thousands of computers, according to Kaspersky Lab. Hackers managed to compromise one of the company's servers used to provide software updates to ASUS machines. The attack, which has been given the name ShadowHammer, was discovered late last year and has since been stopped. Engadget reached out to ASUS for comment and will update this story if we hear back.

With access to the update server, the attackers were able to distribute malicious files that appeared legitimate because they carried an ASUS digital certificate. Instead, the phony software updates gave the attackers a backdoor to access infected devices. Kaspersky estimates that about half a million Windows machines received the backdoor from ASUS' update server. However, the attackers appear to have been targeting only about 600 systems. The malware was designed to search for machines by their MAC address. It's not clear why the attackers focused on that small subset of machines.

Attacks on the supply chain, specifically update servers, are growing more common. Microsoft suffered a similar attack in 2012 when hackers distributed a spying tool called Flame via the Windows updating tool. Popular apps like CCleaner and Transmission were at one point compromised and unknowingly distributed malware to users. Perhaps most notably, the NotPetya cyberattack that hit thousands of machines across Europe, Asia, Australia and the US was carried out through a malicious update to an accounting software tool.