Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

Solarquest

The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.
ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
...
...
 

Burrito

I know that even when a business is really proactive and careful, they can still be hacked by a dedicated attack.

But... there needs to be a class-action lawsuit or other financial penalties to force trusted certificate issuing entities to apply all sorts of security and data checks to ensure these types of incidents don't happen.

If you don't penalize businesses who don't try hard enough.... there is little incentive for others to expend the resources to do the right thing.

ASUS could have had a software update integrity check system to ensure that distributed software was not tampered with.
 

shmu26

The malicious file was signed with legitimate ASUS digital certificates
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
Quite similar to the famous CCleaner incident. It's a targeted attack that is almost impossible to detect.
Like @Burrito said, the responsibility lies with the business whose poor security policies allowed them to get hacked down to their socks, and then not even notice that their signing mechanism was pwned. LOL those guys were sleeping on the job.
 

shmu26

Yes and remember how many people stopped using CCleaner because of this? And is there a fix for it?
I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.

I assume that all the AVs will soon be detecting it.
 

SUPRA

MSI is the best in terms of motherboard at least.

I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.

I assume that all the AVs will soon be detecting it.
As far as I know, Gigabyte has a DRAM cooling issue in their mid-tier motherboards. High-end motherboards are good...
 

Wraith

I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.

I assume that all the AVs will soon be detecting it.
Please don't get a Gigabyte motherboard. I have had three of them fail in my family and they were just used for family work like surfing, watching movies, listening to songs and working with MS Office. ASUS, MSI and ASRock have given me the best service so far. It's just a shame that ASUS couldn't defend their servers from these hackers but otherwise they make excellent hardware components. I have an i5 2500 with an ASUS H61 mobo and it's still running since 2011.
 

SHvFl

Quite similar to the famous CCleaner incident. It's a targeted attack that is almost impossible to detect.
Like @Burrito said, the responsibility lies with the business whose poor security policies allowed them to get hacked down to their socks, and then not even notice that their signing mechanism was pwned. LOL those guys were sleeping on the job.
People need to stop trusting certificates from every company. Other than Microsoft, Google, Mozilla you are probably pushing it.

EDIT: If you do that and don't install updates for useless stuff every week you are fine, as the chances of stuff not getting known is low.
People should maintain their software only after a changelog was posted for a while and it makes sense to update. Blindly pushing yes update is stupid.
 

ForgottenSeer 72227

This is quite interesting!

It seems like more and more of these types of things are happening/will happen in the future. It's kind of smart in a way, as it can go undetected for very long periods of time. This can happen to anyone unfortunately. While I have and love Asus products, I may have to consider other brands during my next build, not because this happened, but because of their attitude and stance on the matter. The simple fact that they brushed it off without a second thought, or even taking the time to dig deep into it, IMHO really shows how much they care about their customers. Thankfully I don't have any of those pieces of software installed so I am all good on that front, but as I've said, due to their poor response, I may have to consider other brands in the future.
 

ForgottenSeer 58943

Yes and remember how many people stopped using CCleaner because of this? And is there a fix for it?

I think most of us stopped because Avast bought it and the compromise just happened to be around the same time. I don't think anything associated with Avast is a good idea to use.

As for these types of compromises. Never trust garbage bloatware from these firms. The most absolute minimum investment of resources, time, money and security is always applied to this bloatware trash from ALL vendors. The first and most golden rule of any new laptop purchase is to DBAN the thing, and reinstall a fresh non-vendor specific new copy of Win10 pro, and keep that bloatware trash off of your systems.
 

ForgottenSeer 72227

I smell a big lawsuit $$$ coming. Who knows what the malware did to the computer unless someone gets their hands on the actual malware.

Ya, I won't be surprised if this happens. If anything it will happen simply on the fact that they were told about this about 2-3 months ago, but their ego got in the way and they ignored it. So as a result, their poor decision to handle the matter appropriately will come back around and bite them, unfortunately.
 

SUPRA

What if it is not a gaming rig, just a general purpose machine? Would you still say that MSI is better?
Dear sir, as I told you, their mid-tier boards are horrible whether it is for gaming or casual use; their DRAMs are horrible, they keep on failing. As @devjit2018 said, you can consider ASRock or MSI, both are good. Also, Asus used to be good; I have an old system with an Asus mobo for 5 years and have not had a single problem, but I am not happy with their BIOS and other software; they are all pretty buggy, even the drivers. I always download authentic Intel drivers from the Intel site.
You can see this YouTube channel, Actually Hardcore Overclocking; he has done pretty good work in terms of testing mobos...
 

Local Host

Dear sir, as I told you, their mid-tier boards are horrible whether it is for gaming or casual use; their DRAMs are horrible, they keep on failing. As @devjit2018 said, you can consider ASRock or MSI, both are good. Also, Asus used to be good; I have an old system with an Asus mobo for 5 years and have not had a single problem, but I am not happy with their BIOS and other software; they are all pretty buggy, even the drivers. I always download authentic Intel drivers from the Intel site.
You can see this YouTube channel, Actually Hardcore Overclocking; he has done pretty good work in terms of testing mobos...
If you have problems with ASUS BIOS, you have problems with ASUS MBs in general. I have actually been using ASUS MBs for over a decade and never had a single problem with their BIOS updates; in fact they are one of the few MB suppliers who actually support and update their BIOS for years.

Then again this is 2019, there are no MBs with BIOS on the market.
 

shmu26

but I am not happy with their BIOS
Thanks. I am not happy with the ASUS BIOS either. I have one on my desktop and for the first year or so, it took forever until the BIOS menu would load, and switching to sub-menus took another forever. Now it's working more or less okay, but that's like buying shoes that hurt your feet for the first year!
 
