Btw…! Why I’m thinking Kaspersky Lab is behind this Hack
Thousands of Asus computers were infected with malware from the company’s own update tool, researchers from Kaspersky Lab said Monday.
The researchers discovered the attack in January, after hackers took over the Asus Live Update Utility to quietly install malware on devices. The hack was first reported by Motherboard.
On Tuesday, Asus said it’s fixed the vulnerability in the latest version of its Live Update tool, meaning you’ll have to trust the software to resolve the issue.
“Asus customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed,” the company said in a statement.
The hack, which Kaspersky Lab is calling Operation ShadowHammer, went on between June and November 2018. Kaspersky Lab found that it affected more than 57,000 people using its products. The Russia-based cybersecurity company was only able to find those numbers for its own users, and estimates that the malware could affect more than a million Asus owners worldwide.
Symantec, another cybersecurity company, found the same malware from Asus updates, and cited at least 13,000 computers affected by the attack. The company said that 80 percent of victims were consumers, while 20 percent were organizations.
The update tool is preinstalled on the majority of new Asus devices.
The attackers were able to infect devices without raising red flags because they used Asus’ legitimate security certificate, which was hosted on the computer manufacturer’s servers.