
ShadowHammer, a virus that infects Asus PCs through 'Asus Live Update'

Anonim

Possibly as many as a million people have downloaded and installed a version of the Asus Live Update utility that was infected with a backdoor called ShadowHammer and hosted on the official Asus servers.

ShadowHammer infects computers through Asus Live Update

The backdoor was discovered by Kaspersky, which named it ShadowHammer, and was actually an attack targeting a small number of users. Kaspersky said the ShadowHammer attack had been detected worldwide, most commonly in Russia and Germany, with about 5% of victims in the United States.

From a security standpoint, the most disturbing aspect of the malware is that it was digitally signed with legitimate security certificates, a seal of authenticity that would make it indistinguishable from an actual update. The infected files were even hosted on Asus servers. The Live Update software can be downloaded from the Asus website, and it also comes preloaded on Asus-branded PCs.

Asus Live Update software is designed to check for new versions of programs published on the Asus website, and then automatically update the BIOS, drivers, and applications on a PC. If ShadowHammer allowed the PC to download malicious BIOS software from somewhere else, that software could basically take over the entire PC.

Kaspersky did not specifically say whether its software would block the attack, but the company said it had designed a tool to determine whether a given PC was one of the target machines, about 600 addresses in total.

At the time of writing, the company has not commented on it.

Source: Bleepingcomputer
