WARNING: ShadowHammer campaign to install malware through ASUS software update

hexaae
Level 12
Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign affecting more than a million computer users worldwide. Between at least June and November 2018, Operation ShadowHammer targeted users of the ASUS Live Update Utility, injecting a backdoor.

Each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network. Once running on a victim’s device, the backdoor verified its MAC address against this table.

If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity. In total, security experts were able to identify more than 600 MAC addresses hard coded into the malware.

A blog summarizing the attack can be found on Securelist.

https://shadowhammer.kaspersky.com/
--
ASUS ROG Strix GL703GS, GTX 1070 8GB, 32GB RAM, 1920x1080 144Hz G-Sync laptop screen, external monitor UWQHD 3440x1440 Mi Monitor, NVMe 4x, 8BitDo Arcade Stick, EasySMX X10 controller, ROG Strix Carry mouse
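
A defender-side counterpart to the MAC check described above, as an added example that is not part of the original post or of Kaspersky's tooling: it normalises adapter addresses from a fleet inventory and reports hosts that appear on a list of targeted addresses. The function names are hypothetical and every address below is constructed from the RFC 7042 documentation range; it assumes you have obtained the real target list separately.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is not a 48-bit MAC."""
    # Inventories mix 00:11:.., 00-11-.. and 0011.2233.4455 styles; strip separators.
    compact = re.sub(r"[\s:.\-]", "", raw).lower()
    return compact if _HEX12.fullmatch(compact) else None

def load_targets(lines):
    """Build the lookup set from target-list lines; '#' starts a comment."""
    targets = set()
    for line in lines:
        mac = normalize_mac(line.split("#", 1)[0])
        if mac:
            targets.add(mac)
    return targets

def find_targeted_hosts(inventory, targets):
    """Return (hits, unparsed) for an iterable of (hostname, raw_mac) pairs."""
    hits, unparsed = [], []
    for host, raw in inventory:
        mac = normalize_mac(raw)
        if mac is None:
            unparsed.append((host, raw))   # review by hand rather than silently skip
        elif mac in targets:
            hits.append((host, mac))
    return hits, unparsed

# Constructed sample data (RFC 7042 documentation addresses, not real indicators).
SAMPLE_TARGETS = [
    "00:00:5E:00:53:01  # constructed entry",
    "00-00-5e-00-53-03",
    "",
    "# comment-only line",
]
SAMPLE_INVENTORY = [
    ("lab-01", "00-00-5E-00-53-01"),
    ("lab-02", "0000.5e00.5302"),
    ("lab-03", "00:00:5e:00:53:03"),
    ("lab-04", "unknown"),
]

if __name__ == "__main__":
    hits, unparsed = find_targeted_hosts(SAMPLE_INVENTORY, load_targets(SAMPLE_TARGETS))
    for host, mac in hits:
        print(f"MATCH    {host} {mac}")
    for host, raw in unparsed:
        print(f"UNPARSED {host} {raw!r}")
```

A host with several adapters needs one inventory row per adapter, since the backdoor's check applied to the MAC address of the device it ran on.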
hexaae
Level 12
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
https://www.asus.com/News/hqfgVUyZ6uyAyJe1