[ad_1]
A recent report revealed that "hundreds of thousands" of Asus owners were affected by an official malicious tool allowing them to remove Asus' updates. The hackers were able to obtain a digital signature from the Asus Live Update tool using one of Taiwan's signature code certificates before sending them to the Asus download servers. The servers have been hosting the suspect tool for several months in 2018, the report says.
The Motheboard report adds that this tool was then used to generate malicious updates on Asus computers preinstalled with the Asus Live Update tool. TechCrunch has been very supportive of this report after hearing about the attack from a source "who had direct knowledge of the incident" a few weeks ago.
This tool was first discovered by Kaspersky, the company that it claims affects more than a million users. Hackers used the backdoor secretly created in the Asus Live Update tool to send malware to users' computers. They are assured that these updates come mainly from Asus servers. The certificates for this tool are still active and have not been canceled yet, which means that users are still at risk.
The report mentions that hackers have access to Asus' own certificates for authenticating malware through the company's supply chain, which includes developers and vendors around the world. These partners develop software and components for the company. It is often difficult to detect the attacks generated by the supply chain, especially when a person is targeted by the company or when the company itself is directly involved.
Asus has not yet communicated with its customers about this and has not commented on the report either.
Source
Source: Electronic
Author Information
Related topics
Source link
