Malicious actors targeted specific Asus customers, says Kaspersky

Cybersecurity firm Kaspersky Lab confirms that the Asus’s software system was hacked to inject malware, which is now spread across at least 1 million Windows computers. Disguised as a “critical” software update from Asus’s servers, the malware marked itself ‘valid’ by having a real Asus certificate.

Kaspersky’s findings were triggered by an investigation conducted by Motherboard – which first revealed the details of the hack. While the intent behind the attack is still unclear, the hackers seem to target specific ASUS customers: the malware included special instructions for 600 systems, which when identified by specific MAC addresses will be infected with more malicious programs to further compromise the systems. Kaspersky also found out that most targets belonged to a network of companies supplying parts to a particular product.

The attack, named as “ShadowHammer” by Kaspersky, however, did little to no harm on systems infected with the malware. Reports from Kaspersky and Symantec confirms that around 57,000 and 13,000 customers using their security software respectively had the malware installed in their systems. About five percent of the Kaspersky’s victims are in the United States, the security firm confirmed.

The ‘Asus Live Update’ software – infected by the malicious actors – is designed to look for new versions of the programs released on the Asus website and then automatically update a PC’s BIOS, drivers, and applications. Asus, however, has denied that the malware had come from their servers. Also, talking to a news website, the company said that they will be releasing an official statement on the malware soon.