Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Spyware Sneaks into 'Million-ish' Asus PCs via Poisoned Software Updates, Says Kaspersky

posted by chromas on Tuesday March 26 2019, @06:06AM   Printer-friendly
from the uhhh...yeah...it-was-hackers dept.

martyb writes:

A million or so Asus personal computers may have downloaded spyware from the computer maker's update servers and installed it, Kaspersky Lab claims.

Someone was able to modify a copy of the Asus Live Update Utility, hosted on the Taiwanese manufacturer's backend systems, and sign it using the company's security certificate, even keeping the file length the same as the legit version, to make everything seem above board. The update utility ships with every machine, and routinely upgrades the motherboard firmware and related software with any available updates from Asus.

When it checked in with Asus's servers for the latest updates, the utility would fetch and install a backdoored version of the Asus Live Update Utility, we're told. The dodgy version was offered between June and November 2018, according to Kaspersky.

That infected build of the utility was designed to spy on roughly 600 machines, identified by their network MAC addresses. So, roughly a million Asus-built computers may have been running a trojanized update utility, with a few hundred actively spied on via the backdoor.

Kaspersky Labs has named it ShadowHammer.

How promptly do you install software updates?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Spyware Sneaks into 'Million-ish' Asus PCs via Poisoned Software Updates, Says Kaspersky | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday March 26 2019, @06:45AM (3 children)

    by Anonymous Coward on Tuesday March 26 2019, @06:45AM (#819985)

    I've seen this number get inflated from the originally reported 57K or so first to 500K and then to "Million-ish" in the span of a day. Talk about clickbait.

  • (Score: 1, Insightful) by Anonymous Coward on Tuesday March 26 2019, @07:32AM

    by Anonymous Coward on Tuesday March 26 2019, @07:32AM (#819994)

    Maybe they got new data and wanted to err on the side of caution, like proper investigators should... I personally think this is news because of the official source. Even 1 machine is too many.

  • (Score: 4, Interesting) by rigrig on Tuesday March 26 2019, @10:03AM (1 child)

    by rigrig (5129) <soylentnews@tubul.net> on Tuesday March 26 2019, @10:03AM (#820020) Homepage

    They confirmed 57K infected users, because those were running Kaspersky software.
    They estimate that about 1 million people total were infected by using the compromised Asus software.

    --
    No one remembers the singer.

    • (Score: 2) by Freeman on Tuesday March 26 2019, @04:06PM

      by Freeman (732) on Tuesday March 26 2019, @04:06PM (#820132) Journal

      I believe it. ASUS is a major brand, I assume that bloatware was pre-installed on their system, with auto-updates enabled. Your typical friendly nerd wouldn't necessarily be telling granny to disable that thing that provides free security updates, either.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"