A major cybersecurity threat affecting ASUS devices has been uncovered by researchers over at Kaspersky Lab.
The firm has revealed new malware attacking weaknesses in ASUS' supply chain to infect machines before they even hit the shelves.
They did it by infecting the ASUS Live Update Utility, a tool that comes preloaded with ASUS machines and is used to update BIOS and whatnot. They stole certificates used by ASUS to sign legitimate binaries, so the threat went undetected.
Another reason why it was undetected is the fact that the malware did not target just anyone who bought an ASUS machine. In fact, the attackers seem to have had a list of MAC addresses – they knew exactly who their targets were.
For everyone else, the malware remained dormant and thus, essentially, harmless. But to those whose MAC addresses matched the ones the attackers had on their list – the malware triggered additional downloads.
Only around 600 machines were targeted by the malware, but it's not yet known what type of information they were looking for.
“The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base. It is not yet very clear what the ultimate goal of the attackers was and we are still researching who was behind the attack," said Vitaly Kamluk, Director of Global Research and Analysis Team, APAC, at Kaspersky Lab.
However, techniques used to achieve unauthorized code execution, as well as other discovered artefacts suggest that ShadowHammer is probably related to the BARIUM APT, which was previously linked to the ShadowPad and CCleaner incidents, among others. This new campaign is yet another example of how sophisticated and dangerous a smart supply chain attack can be nowadays."
Photo Credit: andriano.cz/Shutterstock