Asus Shadow Hammer
Millions of Devices Affected
Asus Live Update infects Millions
Asus Inc. announced that a compromised version of the Asus Live Update utility was sent to users when attackers gained control of Asus update servers. Asus made the announcement on March 25th from Asus Corporate. However, the compromise had been known about since January.
The attack is called a “supply chain attack” and was detected in January by security firm Kaspersky. Cyber security researchers have named the attack “Shadow Hammer”. Most importantly, the malware was delivered to machines for about 5 months last year, June to November. According to Kaspersky researchers, it is targeting about 600 very specific computers.
Attackers sent the malware via signed applications from Asus, meaning Windows security trusted the update and allowed it to install. After installation the malware would scan the computer, comparing the information to the list of machines the attackers were trying to infect. If your machine didn’t match, it lay dormant. However, this could mean you still have the malicious code installed on your system.
First, even dormant, this could be activated at any time. Second, the attackers could decide to use the malware for another purpose, one that may include your data.
What Can I Do?
1. Users can make sure to update the Asus Utility to the latest version. It should be version 3.6.8.
2. Ensure your antivirus is up to date and run a full scan. Almost all major vendors (including our Anti-Virus) are detecting Shadow Hammer.
3. If you find you’re infected or are worried you could be, we can schedule a remote support call, on-site visit, or you can bring your machine to our office.
If you have an Asus Computer and do not have anti-virus, contact us so we can help ensure you’re not infected and talk about how you can stay protected in the future.
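For step 1, one way to check the installed version from a PowerShell prompt. This is an added example, not part of the original post or an Asus tool. It assumes the utility appears in the Windows installed-programs list under a name containing "Live Update" with ASUS in the name or publisher field.

```powershell
# Added example: report whether the installed ASUS Live Update is at least 3.6.8.
$minimum = [version]'3.6.8'

# Standard Windows uninstall registry locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the utility registers a display name containing "Live Update"
# with ASUS in the name or the publisher field. Adjust the filter if yours differs.
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -like '*Live Update*' -and
        ("$($_.DisplayName) $($_.Publisher)" -match 'ASUS')
    }

if (-not $found) {
    Write-Output 'ASUS Live Update was not found in the installed programs list.'
    return
}

foreach ($app in $found) {
    $installed = $null
    # DisplayVersion can be missing or malformed; TryParse avoids an exception.
    $parsed = [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)
    if (-not $parsed) {
        $status = 'UNKNOWN version, check manually'
    } elseif ($installed -ge $minimum) {
        $status = 'OK'
    } else {
        $status = "OUTDATED, update to $minimum or later"
    }
    Write-Output ("{0} {1}: {2}" -f $app.DisplayName, $app.DisplayVersion, $status)
}
```

An "OK" result only covers step 1. The full antivirus scan in step 2 is still needed, because the compromised update may have been installed earlier.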