SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Spyware Sneaks into 'Million-ish' Asus PCs via Poisoned Software Updates, Says Kaspersky
Date    Tuesday March 26 2019, @06:06AM
Author    chromas
Topic   
from the uhhh...yeah...it-was-hackers dept.
https://soylentnews.org/article.pl?sid=19/03/26/028241

martyb writes:

A million or so Asus personal computers may have downloaded spyware from the computer maker's update servers and installed it, Kaspersky Lab claims.

Someone was able to modify a copy of the Asus Live Update Utility, hosted on the Taiwanese manufacturer's backend systems, and sign it using the company's security certificate, even keeping the file length the same as the legit version, to make everything seem above board. The update utility ships with every machine, and routinely upgrades the motherboard firmware and related software with any available updates from Asus.

When it checked in with Asus's servers for the latest updates, the utility would fetch and install a backdoored version of the Asus Live Update Utility, we're told. The dodgy version was offered between June and November 2018, according to Kaspersky.

That infected build of the utility was designed to spy on roughly 600 machines, identified by their network MAC addresses. So, roughly a million Asus-built computers may have been running a trojanized update utility, with a few hundred actively spied on via the backdoor.

Kaspersky Labs has named it ShadowHammer.

How promptly do you install software updates?


Original Submission

Links

  1. "martyb" - https://soylentnews.org/~martyb/
  2. "ShadowHammer" - https://www.kaspersky.com/blog/shadow-hammer-teaser/26149/
  3. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=32589

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Spyware Sneaks into 'Million-ish' Asus PCs via Poisoned Software Updates, Says Kaspersky on 2024-03-28 18:01:57