
Trojanised / Hacked Asus LiveUpdate (Armory crate?)

Ch3vr0n
Level 10
Hey forum user,

Are you using Asus LiveUpdate (Armory Crate?)? Then I suggest you stop using it and go back (like I do) to the old-fashioned way. Update things yourself by visiting the board website. Here's why you don't WANT it working / shouldn't be using it! Just got this linked by one of my favorite and local tech sites.

Armory Crate / Live Update is a SECURITY RISK and a big one! I've been saying that from the start and disable it immediately on every BIOS update. Need proof?

https://securelist.com/operation-shadowhammer/89992/
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-...


The ball is in your court. Figured everyone deserves to know, if Asus doesn't come out with a statement on these forums on their own.

SK8
Level 10
I agree it is bloatware. I have it turned off in BIOS. I don't install 98% of Asus programs as I have had issues with them in the past and I don't allow much on my game rig. I did find this today... Update - ASUS has confirmed that it released a fixed version of their Live Update tool and has “implemented an enhanced end-to-end encryption mechanism” to “strengthened [their] server-to-end user software architecture”. This should prevent any similar attacks from happening in the future.

ASUS has also stated that this attack was designed to "target a very small and specific user group", which means that most users of ASUS PCs should be unaffected by the attack. Users who are concerned about their PCs should download and run ASUS' security diagnostic tool, which will check to see if their PC has been impacted by a ShadowHammer-infected version of their Live Update tool.

Source: https://www.overclock3d.net/news/software/asus_software_updates_hijacked_to_install_shadowhammer_bac...

Edit: I guess this link is just for Asus laptops, not on Armory Crate 😕
Bios 602 and did a bios update doh
passed 8hr test on Karhu RamTest
Set to Manual OC
Dram Frequency 4266MHz
Dram voltage 1.45v
CPU VCCIO Voltage 1.25v
CPU System Agent Voltage 1.29v
Dram timing control 17-18-18-38
Mode1
Dram command rate set to 2N set dram current capability to 130%

MrAgapiGC
Level 13
I do not believe it is the Crate. The Crate is just an interface that is connected to the Asus webpage from the board. That is it. Nothing different. I used it and files are pulled down from there.

So it is not the Crate. The Live Update app also works the same, just without the nice interface with a nice app and news, which are the same as when you enter the Asus ROG website. I am not concerned with that.

Regarding the test tool: it ONLY applies to Asus machines. Mine is not (even though all my gear is Asus), so it applies ONLY to laptops.

I have checked the Live Update for my AI Suite, version 36. Or is broken as always. Or is doing anything as always. At least it is a direct update, but if there is one, I cannot find it.

As I read, only 600 computers were targets out of the bunch.
Learn, Play Enjoy!

Ch3vr0n
Level 10
It's blatant rootkit-level malware in the BIOS. Mine gets disabled on every boot and they should have the balls to do it too, or remove it altogether. Let the user decide if they want to use it, not push that crap through BIOS. A new system builder would freak out not knowing about this in the BIOS, and on a fresh Windows install be like "WTF where did this come from, new system"

Ch3vr0n wrote:
It's blatant rootkit-level malware in the BIOS. Mine gets disabled on every boot and they should have the balls to do it too, or remove it altogether. Let the user decide if they want to use it, not push that crap through BIOS. A new system builder would freak out not knowing about this in the BIOS, and on a fresh Windows install be like "WTF where did this come from, new system"


Fully, when I first saw this in my Windows I was all "wtf is this crap" and googled its name on another PC. I can't stand junk programs for a scrub on a PC like this. I don't install all the Asus programs as I don't use them after I got conflicts from programs that came with my ROG MBs years ago. Bottom line for me: I control my PCs, they don't control me, more so since Win10 as the industry tries so very hard to turn a PC into a console.

Ch3vr0n wrote:
It's blatant rootkit-level malware in the BIOS. Mine gets disabled on every boot and they should have the balls to do it too, or remove it altogether. Let the user decide if they want to use it, not push that crap through BIOS. A new system builder would freak out not knowing about this in the BIOS, and on a fresh Windows install be like "WTF where did this come from, new system"



You can disable the Armory Crate in the UEFI. No need to disable each boot.


The hack only affected Live Update... the notebook updater. Not EZ Update nor the Crate. For those paranoid, just run the Asus or Kaspersky tool.

The Crate is a terrible idea. I said this before. It is a well-meaning feature that introduces a huge security concern. It is the first thing I disable before the OS goes in. ShadowHammer only uses the Live Update notebook app... but next time we may not be so lucky. Asus needs to do away with a UEFI-level rootkit.

Arne_Saknussemm
Level 40
If ShadowHammer breeds with Spectre we're in for it...

Whatever the damage...it's still not as bad as Corsair link or AI Suite 😛

Telstar
Level 9
Haven't used it and disabled it from BIOS 🙂

SK8
Level 10
MB BIOS: it's under Tools to disable it, to help anyone who wants to turn it off and can't find it.

l8dlik
Level 7

More people should see your message. This happened to me today when updating the "TUF GAMING Z790-PLUS WIFI - Device SDK" to ver. 3.00.21 (2024/01/16) via Armoury Crate. Bitdefender Real-time Protection stopped installation of this and quarantined the file and flagged it with Trojan Gen:Variant.Jaik.94758 (C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\Bongiovi_MB\x86Includes\Bon7D8C.tmp).

Could be false positive detection, however 3 hours since I contacted ASUS Support, without any answer, an update was made to the TUF GAMING Z790-PLUS Core SDK.
