![]() Kaspersky’s Sarah Kitsos did not comment on the findings. When reached last week about the claims, Asus spokesperson Gary Key had no immediate answer to several questions we had and referred comment to its headquarters. Taiwan-based Asus is said to have around a 6 percent share of the computer market, according to Gartner, shipping tens of millions of computers each year. As I was doing this, ASUS Live Update pops up telling me there is an update available. Motherboard said Kaspersky reported the backdoored software on January 31. Anyway, I was using the laptop the moment I got home and was transferring many GB worth of files, videos and pictures, and of course, applications. ![]() Some 2.3 million customers were affected by that backdoor, blamed on hackers who reportedly targeted tech giants.Īsus has not informed customers of the vulnerability after it was discovered earlier this year. ![]() The backdoor bears a resemblance to CCleaner, which similarly used a code-signing certificate to hide any malicious component. One of the backdoored files used a certificate created in mid-2018 but which was different from Asus’ regularly used certificates.Īccording to Motherboard’s report the certificates are still active and have not been revoked, posing a continued risk to Asus customers. These so-called supply chain attacks are particularly difficult to detect because it often involves targeting a company insider or infiltrating the company directly. It’s believed the hackers had access to Asus’ own certificates to sign the malware through Asus’ sprawling supply chain, a factor line of developers and vendors from around the world trusted to develop software and provide components for Asus’ computers. The compromised file with Asus’ certificate (Image: Kaspersky)
0 Comments
Leave a Reply. |