- What is asus live update utility software#
- What is asus live update utility code#
- What is asus live update utility download#
- What is asus live update utility mac#
The outlet noted that Symantec confirmed Kaspersky’s findings and offered more details about how the researchers were finally able to uncover this attack. The supply chain attack was first reported by Motherboard, which said it sent Asus three emails about Kaspersky’s findings but hasn’t received a response.
What is asus live update utility mac#
Yet, the unidentified threat actor only appeared to be interested in a very small subset of those devices: Kaspersky said they “targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.” That means as many as 1 million people were compromised to target just 600.
![what is asus live update utility what is asus live update utility](https://bloatwareuninstaller.com/uninstall-guides/wp-content/uploads/2018/11/uninstall-change.png)
(Kaspersky managed it, though, which is why disclosures like these are also thinly veiled advertisements.) The company said it detected the malware on 57,000 devices but estimated that 1 million were affected. It also had the same file size as the official version of the utility.Īll those precautions made the malicious version of the Asus Live Update Utility incredibly difficult to detect. This malicious version of the tool was hosted on the Asus update server and signed with a legitimate certificate.
![what is asus live update utility what is asus live update utility](https://giamcanherbalthin.com/asus-live-update/imager_7733.jpg)
The researchers said that someone modified the Asus Live Update Utility, added a back door and then distributed it via official channels. The security firm said this attack, which it dubbed Operation ShadowHammer, “seems to be one of the biggest supply-chain incidents ever,” after the CCleaner attack of 2017. Kaspersky also found evidence connecting the methods used during Operation ShadowHammer with the ones utilized in the attack against CCleaner and in the ShadowPad supply chain attack from 2017 that impact NetSarang.Īlso, as detailed by GReAT, the threat actor behind the latter was already identified as BARIUM - known users of the Winnti backdoor - by both Microsoft, ESET, and other security researchers.Kaspersky Labs revealed today that an unidentified threat actor modified the Asus Live Update Utility to gain access to target devices. The malicious supply chain campaign was dubbed Operation ShadowHammer by GReAT and, as initially reported by Kim Zetter, it supposedly led to the backdoored version of ASUS Live Update being downloaded and installed on the computers of more than 57,000 Kaspersky users. Yesterday, Kaspersky Lab announced that its Global Research and Analysis (GReAT) team has detected a new APT campaign in January 2019, estimated to have run between June and November 2018, allegedly impacting over one million users who have downloaded the ASUS Live Update Utility on their computers. ShadowHammer victim distribution according to Kaspersky In addition, "In order to ensure the security of your information, ASUS recommends that you regularly update your passwords," while users who want to check if they have the malware-free ASUS Live Update tool can do so by following the instructions available HERE. This will completely remove the malware from your computer."
What is asus live update utility download#
The company also announced that it provides "an online security diagnostic tool" available for download HERE, which will allow ASUS customers to check if their computers have been impacted by the APT campaign.Ĭustomers who discover that their machines have been affected are advised to "Immediately run a backup of your files and restore your operating system to factory settings.
What is asus live update utility software#
To be able to block further attacks targeting its servers, ASUS says that it "updated and strengthened our server-to-end-user software architecture." Says only small number of machines infected (researchers say 500k+) also says it’s finally begun to notify customers ( told them about prob in Jan.) They don’t bother to thank Kaspersky at all in statement. The company also said that "only the version of Live Update used for notebooks has been affected," with all other devices not being affected by the supply chain attack.Īdditionally, ASUS states that its "customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed."Īs detailed in the press release, the company fixed the issue in the ASUS Live Update tool's 3.6.8 release by adding a number of security check mechanisms designed to block "malicious manipulation" via updates or any other methods.
What is asus live update utility code#
"A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group," says ASUS.
![what is asus live update utility what is asus live update utility](https://pokde.net/assets/uploads/2019/02/asus-x570zd-geforce-gtx-1050-design.jpg)
Asus confirmed today that its Live Update utility has been indeed infected with malicious code by an advanced persistent threat (APT) group as part of a supply chain attack which managed to compromise some of its servers.