If you've got a PC with an ASUS motherboard and ASUS Live Update installed, you might want to read up on this story. Security firm Kaspersky has reported that hackers have been able to gain backdoor access to potentially millions of PCs.
How? Through firmware updates delivered by ASUS' own Live Update software. Live Update lets ASUS deliver drivers, software, and firmware updates to compatible PCs. This includes pre-installed versions of Live Update on ASUS-powered laptops and desktops, as well as the standalone download used by countless ASUS motherboard owners.
VICE Motherboard recently published a story, to which Kaspersky replied in a blog post detailing more of what happened with ASUS. The security firm said over 57,000 users of its anti-virus software have downloaded and installed the compromised version of Live Update. Make note of that: this figure covers only people using Kaspersky anti-virus software. There would be many magnitudes more who don't use its software, and thus weren't counted among these 57,000 people.
Kaspersky said: "The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters' MAC addresses... We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list".
Symantec has also addressed the situation, with the Director of Development for Symantec's Security Technology and Response Group chiming in with: "We saw the updates come down from the Live Update ASUS server. They were trojanized, or malicious updates, and they were signed by ASUS".
If you thought it was just ASUS, it's not. Tom's Hardware was told by three different computer makers throughout Asia that they had also been "backdoored with very similar methods and techniques".
UPDATE: ASUS official response
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps_for_Win10/ASUSDiagnosticTool/ASDT_v22.214.171.124.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html