The Taiwan-based computer hardware company ASUS is thought to have unwittingly distributed malicious software through its automatic update tool, Motherboard writes. The attack was noticed by researchers at the cybersecurity firm Kaspersky Lab at the end of January. The malicious update was signed with legitimate ASUS digital certificates, making the file seem like a genuine ASUS file. When downloaded, the malicious software could be used as a backdoor to a victim’s computer.
The researchers said ASUS kept pushing the malicious file to customers for at least five months last year. According to Kaspersky Lab, “over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update.” Worldwide, more than a million people could have been affected. Moreover, the malware targeted specific MAC addresses: when a targeted address was detected, it installed additional malware. However, even when it stayed silent, the malware provided a backdoor into all infected systems.
“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware,” said Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team. Kamluk said that although ASUS claimed its server hadn’t been compromised, Kaspersky’s research shows the download path led back to the ASUS server.
Kamluk said ASUS continued using one of the compromised ASUS digital certificates for a month after the company had been notified about the malware. Even now, the certificates have not been invalidated.