According to the authors of the book ‘Learn ethical hacking’, a group of hackers has infected hundreds of thousands of Asus computers using the company’s own update tool. According to specialists from the International Institute of Cyber Security, Asus, a company based in Taiwan, is one of the leading companies supplying portable computer equipment worldwide.
The attack was detected in January, after the hacker group took control over the Asus Live Update Utility tool to install malware on the victim’s devices without the company noticing; in the end, multiple cybersecurity specialized media began to resume information.
This campaign, nicknamed ‘Operation ShadowHammer’ by the authors of ‘Learn ethical hacking’, was carried out between July and November 2018; the first investigations found that around 60k users of Asus products had been infected.
However, the authors of ‘Learn ethical hacking’ highlighted that the campaign of infection could have affected more than one million users of Asus. Live Update Utility is a pre-installed tool for most of Asus newest products.
According to the investigation, the hackers managed to infect the compromised machines without the malware detection systems being activated, since the reliable security certificate of Asus was used, same that it is hosted on the servers of the company.
This incident has generated new concerns for technology users, as it will always be worth asking if the updates delivered directly by technology vendors are reliable. Moreover, this kind of attack is not something new; according to the experts of the IICS, a couple of years ago a group of threat actors hijacked the popular tool CCleaner to install malware in millions of devices.
As if it was not enough, the little confidence users have in automatic updates could also be advantageous to malicious hackers. For example, most of the computers infected with WannaCry ransomware were easily compromised because a routine security update was not installed.