ShadowHammer
The ASUS update servers were compromised, and a signed, backdoored version of an application called ASUS Live Update Utility was distributed to ASUS users. The application comes preinstalled on many Windows computers made by ASUS and is used to deliver updates for BIOS/UEFI firmware, hardware drivers and other ASUS tools.
Impact
Over a million users might have downloaded and installed a backdoored version of the application. For example, a report by Kaspersky shows that over 57,000 Kaspersky users installed the backdoored version of ASUS Live Update Utility. Interestingly, a second stage of the attack was deployed on at least 600 specific systems whose MAC addresses were hardcoded to receive a secondary payload.
Type of compromise
It appears that, at the very least, the attackers had access to the update infrastructure and the code signing key.