Official ASUS Update Tool Compromised
Hackers managed to compromise an ASUS server that managed the company's live update tool. ASUS Live Update comes pre-installed on ASUS computers. It is used to update core components of a system, including BIOS, UEFI and drivers. Because ASUS is the fifth largest PC vendor in the world, the compromise meant millions of Windows users were at risk.
According to Kaspersky Lab, “over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time.”
Kaspersky discovered a sophisticated attack using the update tool that took place between June and November 2018.
“The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses,” wrote Kaspersky in a blog post. The company further explained that the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation.
One of the suspects in the attack is Barium, which was accused by Microsoft of breaking into user accounts.