Asus software updates were used to spread malware, security group says

The Asus software update system was hacked and used to distribute malware to approximately 1 million Windows computers, according to cybersecurity firm Kaspersky Lab. The malware disguised itself as a "critical" software update, was distributed from the Asus servers and it was signed with a real Asus certificate that made it look valid. The details of the hacking were revealed for the first time by Motherboard and Kaspersky plans to release more details at a future conference.

It is not clear what the hackers were after. However, the hackers seemed to point to specific Asus clients: the malware included special instructions for 600 systems, which must be identified by specific MAC addresses. Once one of those systems was detected, the update would install more malicious programs to further compromise the system.

Kaspersky called the attack "ShadowHammer". This type of attack is often associated with espionage attacks by national states, especially Stuxnet. , which was widely disseminated but did no harm in most infected systems.

It does not appear that Asus has contacted customers or taken action to stop the malware. Asus did not immediately respond to a request for comment, and Motherboard said it could not get a comment from Asus for several days. Apparently, Asus denied that the malware had left its servers after Kaspersky contacted, then stopped responding, according to Motherboard .

Although the malware could have been distributed to 1 million computers, Kaspersky says Motherboard it is estimated that the total number of PCs that installed it is in the "hundreds of thousands". Kaspersky says that 57,000 people using their security software had the malware installed, and Symantec told Motherboard that they identified 13,000 customers with the malware.

By hacking into a company's update system, malicious actors can violate computers on a large scale. It has not been done frequently, but the fact that it can be done is a big risk. Work is underway to develop more secure upgrade systems, but for now, companies rely heavily on their own solutions.