
WARNING: ShadowHammer campaign to install malware through ASUS software update

hexaae
Level 13
Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign affecting more than a million computer users worldwide. Between at least June and November 2018, Operation ShadowHammer targeted users of the ASUS Live Update Utility, injecting a backdoor.

Each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network. Once running on a victim’s device, the backdoor verified its MAC address against this table.

If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity. In total, security experts were able to identify more than 600 MAC addresses hard coded into the malware.

A blog summarizing the attack can be found on Securelist.

https://shadowhammer.kaspersky.com/
// ASUS SCAR18 G834JY, i9-13980HX, 4090 256bit 16GB, 32GB 5600MHz RAM, 18" 16:10 2560x1600 240Hz G-Sync internal screen, external UWQHD 3440x1440 Mi 34" Monitor with Freesync, NVMe, 8BitDo Arcade Stick, EasySMX X10 controller, ROG Strix Carry mouse.
2,100 Views
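
The post above says the backdoor compared the machine's MAC address against a hardcoded table and showed no network activity when nothing matched, so comparing adapter MACs against a published target list is a direct way to see which machines were on it. The following is an added example, not part of the original post or of any Kaspersky or ASUS tool; the inventory rows, the placeholder MAC values and the function names are constructed for illustration.

```python
import re

# Constructed indicator list: placeholder MACs standing in for a published target list.
TARGET_MACS = ["00:11:22:33:44:55", "0A-1B-2C-3D-4E-5F"]

# Constructed asset-inventory export: hostname, adapter, MAC in mixed notations.
INVENTORY = """\
ws-014,Ethernet,00-11-22-33-44-55
ws-014,Wi-Fi,aa:bb:cc:dd:ee:01
lt-207,Wi-Fi,0a1b.2c3d.4e5f
lt-311,Ethernet,AA:BB:CC:DD:EE:02
srv-02,Ethernet,not-a-mac
"""


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def find_targeted_hosts(inventory_text, target_macs):
    """Return ({host: [(adapter, mac), ...]}, [rows that could not be parsed])."""
    targets = {normalize_mac(m) for m in target_macs} - {None}
    hits, rejected = {}, []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        mac = normalize_mac(parts[2]) if len(parts) == 3 else None
        if mac is None:
            # Keep unparsable rows visible: a skipped adapter is an unchecked adapter.
            rejected.append(line)
        elif mac in targets:
            hits.setdefault(parts[0], []).append((parts[1], mac))
    return hits, rejected


if __name__ == "__main__":
    hits, rejected = find_targeted_hosts(INVENTORY, TARGET_MACS)
    for host, adapters in sorted(hits.items()):
        for adapter, mac in adapters:
            print(f"MATCH  {host}  {adapter}  {mac}")
    for row in rejected:
        print(f"UNPARSED  {row}")
```

Every adapter on a machine needs to be listed, since the inventory may record a different interface from the one a target list refers to.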
1 REPLY 1

hexaae
Level 13
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
https://www.asus.com/News/hqfgVUyZ6uyAyJe1