Kaspersky Labs expose malicious updates for ASUS laptops

    A threat actor modified the ASUS Live Update Utility.

    |

    Experts at Kaspersky Labs have uncovered what seems to be one of the biggest supply-chain incidents ever. A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops added a back door to the utility and then distributed it to users through official channels.

    Kaspersky Labs expose malicious updates for ASUS laptops

     

    The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.

    According to Kaspersky statistics, more than 57,000 users have installed the backdoored utility, but we estimate it was distributed to about 1 million people total. The cybercriminals behind it were not interested in all of them, however - they targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.

    While investigating this attack, Kaspersky found out that the same techniques were used against software from three other vendors. The security firm notified ASUS and other companies about the attack. As of now, all Kaspersky Lab solutions detect and block the trojanized utilities, but users are suggested to update the ASUS Live Update Utility.

    Read More About: asus laptops kaspersky news
    X

    Stay updated with latest technology news & gadget reviews - Gizbot

    Notification Settings X
    Time Settings
    Done
    Clear Notification X
    Do you want to clear all the notifications from your inbox?
    Yes No
    Settings X
    We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more