Like many PC vendors, Asus ships computers with a utility that can download and install firmware updates. And last year hackers managed to create a version of that Asus Live Update utility with a backdoor that makes it possible to deliver malware to a user’s computer directly from Asus servers.

Security researchers at Kaspersky Lab identified the supply chain attack earlier this year and were planning to discuss it in detail at a security conference next month, but released some information early due to reporting on the situation by Motherboard.

Asus, meanwhile, says that a fix for the problem has been released and that only a relatively small number of users were affected… although that last bit is up for debate.

Kaspersky has identified 57 thousand computers that had the backdoored version of Asus Live Update. But the company notes that the goal of the attack seems to have been to target a specific group of users based on the MAC addresses of their computers’ network adapters.

The security researchers identified more than 600 unique MAC addresses that were targeted — and that may be why Asus says “a small number of devices have been implanted with malicious code.”

But here’s the thing — Kaspersky says the number of MAC addresses targeted could be higher. And the number of computers with a backdoor in their firmware updating tool is almost certainly much higher.

Kaspersky’s 57-thousand figure is only for computers that are running Kaspersky security software. Most computers aren’t running that software, so the company estimates the real number of PCs with a backdoor could be as high as half a million.

According to Motherboard’s reporting, security company Symantec confirmed Kaspersky’s research and noted that at least 13 thousand more computers had a backdoored version of the update utility.

While some folks aren’t particularly impressed with the response from Asus, if you do have one of the company’s computers you should probably check out the Asus announcement for details on how to find out if your system is affected and/or how to make sure you have the latest (allegedly safe) version of Asus Live Update installed.

7 replies on “Hackers hijacked Asus Live Update tool to infect PCs”

  1. I’d like to think that all other makers that have a built-in update mechanism are double-checking their wares as we speak. Because, you know… they “take your security and privacy. Seriously”(TM).

  2. I wonder if the governments of the world could agree on making malware distribution a capital offense.

  3. Glad I don’t have Asus live installed on any of my PCs. My Android phone updates apps all the time… I wonder what would happen if malware was pushed as an update to a popular app? Or what if malware was inserted into an Ubuntu package update (one that usually runs as root).
    I’m surprised if anything is malware-free these days.

    1. The entire business models are pushing to have everyone have their wealth in digital currency (as in Banking, Payments, etc etc), yet, there is so much carelessness happening.

      And in this era, your identity is just as important. So people stealing your details, then your passwords, via any route possible…. leads to losing thousands of dollars from millions of people.

      1. Yep. Marketing cart before security horse. Pushing fast iteration products out the door is the game, bugs and security holes be damned! That's modern marketing which is why China wins that game cuz they even faster and sleazier than we are.
