Hackers attack Asus users through backdoor software update
Hackers targeted “hundreds of thousands” of Asustek computer owners by pushing a backdoored software update tool from the computer maker’s own servers, cyber security firm Kaspersky Lab said on Monday.
The attack took place between June and November 2018, according to Kaspersky.
The hackers were surgically targeting an unknown pool of users, who were identified by their network adapters’ MAC addresses.
More than 57,000 Kaspersky users installed the backdoored version of ASUS Live Update, the report said.
The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.
“According to our statistics, more than 57,000 users of Kaspersky Lab’s products have installed the backdoored utility, but we estimate it was distributed to about 1 million people total. The cybercriminals behind it were not interested in all of them, however — they targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility,” reads the report.
“While investigating this attack, we found out that the same techniques were used against software from three other vendors. Of course, we have notified ASUS and other companies about the attack. As of now, all Kaspersky Lab solutions detect and block the trojanized utilities, but we still suggest that you update the ASUS Live Update Utility if you use it. Our investigation is still ongoing,” suggests the lab.
Asus did not immediately respond to a Reuters request for comment.
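Because the targets were stored as hashes of MAC addresses rather than as the addresses themselves, a defender holding a published hash list can only find out whether a machine was singled out by hashing its own adapter addresses and comparing. The sketch below is an added example, not code from Kaspersky or from this article; the hash algorithm (MD5 over the six raw address bytes) is an assumption since the article does not name it, the function names are hypothetical, and the adapter and target data are constructed.

```python
import hashlib
import re


def normalize_mac(text):
    """Return the 6 raw bytes of a MAC written as aa:bb:.., AA-BB-.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_digest(text):
    # ASSUMPTION: MD5 over the raw address bytes; the article does not name the hash.
    return hashlib.md5(normalize_mac(text)).hexdigest()


def find_targeted(adapters, target_hashes):
    """adapters maps adapter name -> MAC string; returns sorted names whose hash is listed."""
    targets = {h.lower() for h in target_hashes}  # published lists vary in letter case
    hits = []
    for name, mac in adapters.items():
        try:
            if mac_digest(mac) in targets:
                hits.append(name)
        except ValueError:
            continue  # virtual or tunnel adapters may report no usable MAC
    return sorted(hits)


# Constructed sample data: two physical adapters and one adapter with no address.
SAMPLE_ADAPTERS = {
    "Ethernet": "00-11-22-33-44-55",
    "Wi-Fi": "66:77:88:99:aa:bb",
    "Tunnel": "",
}
# Constructed target list: one entry matches "Ethernet", written in a different notation.
SAMPLE_TARGETS = [
    mac_digest("0011.2233.4455").upper(),
    mac_digest("de:ad:be:ef:00:01"),
]

if __name__ == "__main__":
    print(find_targeted(SAMPLE_ADAPTERS, SAMPLE_TARGETS))
```

Every adapter on the machine has to be checked, since a match on any one interface would have been enough to mark the host as a target.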