Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign affecting more than a million computer users worldwide. Between at least June and November 2018, Operation ShadowHammer targeted users of the ASUS Live Update Utility, injecting a backdoor.
Each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network. Once running on a victim’s device, the backdoor verified its MAC address against this table.
If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity. In total, security experts were able to identify more than 600 MAC addresses hard coded into the malware.
A blog summarizing the attack can be found on Securelist.
https://shadowhammer.kaspersky.com/
// ASUS SCAR18 G834JY, i9-13980HX, 4090 256bit 16GB, 32GB 5600MHz RAM, 18" 16:10 2560x1600 240Hz G-Sync internal screen, external UWQHD 3440x1440 Mi 34" Monitor with Freesync, NVMe, 8BitDo Arcade Stick, EasySMX X10 controller, ROG Strix Carry mouse.
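The MAC-table check described in the post can be turned around for triage: collect the adapter addresses an inventory already holds and compare them against a published target list. The sketch below is an added example, not Kaspersky's checker or code from the original post. It goes slightly beyond the text by accepting colon, hyphen and dotted MAC notation. The host names, inventory text and indicator values are constructed, using the RFC 7042 documentation range 00-00-5E-00-53-xx.

```python
import re

# One MAC in colon, hyphen or dotted notation, not embedded in a longer
# hex/colon run (for example an IPv6 address).
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:.-])"
    r"(?:[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}"
    r"|[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2})"
    r"(?![:.-]?[0-9A-Fa-f])"
)

# Addresses that appear in tool output but never identify an adapter.
IGNORED = {"000000000000", "ffffffffffff"}


def normalize(mac):
    """Reduce any supported notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def macs_in(text):
    """Return the set of normalized adapter MACs found in free-form text."""
    return {normalize(m) for m in MAC_RE.findall(text)} - IGNORED


def targeted_hosts(inventory, indicators):
    """Map each host to the indicator MACs present in its inventory text."""
    wanted = {normalize(m) for m in indicators}
    hits = {}
    for host, text in inventory.items():
        matched = macs_in(text) & wanted
        if matched:
            hits[host] = sorted(matched)
    return hits


# Constructed sample data: three hosts, three output styles.
INVENTORY = {
    "ws-01": "2: eth0: <BROADCAST,UP>\n    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff",
    "ws-02": "Physical Address. . . . . . . . . : 00-00-5E-00-53-0A",
    "sw-03": "Vlan1 is up, address is 0000.5e00.53ff",
}
# Constructed placeholder indicators; a real run would load a published list.
INDICATORS = ["00:00:5E:00:53:0A", "0000.5e00.53ff"]

if __name__ == "__main__":
    for host, macs in targeted_hosts(INVENTORY, INDICATORS).items():
        print(host, ", ".join(macs))
```

A hit only says the adapter was on the target list; whether the compromised updater actually ran on that machine has to be established separately.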