Security researchers at Kaspersky Lab have discovered a massive supply chain attack that could have compromised over 1 million computers made by the Taiwan-based manufacturer ASUS.
The attack had been running for months: in January 2019 a sophisticated supply chain attack involving the ASUS Live Update Utility was discovered, and it is reported to have been active between June 2018 and November 2018, affecting a large number of users.
The goal of the attack was to target a specific set of users, identified by their network adapters' MAC addresses. A list of MAC addresses was hardcoded in the trojanized samples, and this list was used to select the targets of the operation. 600 unique MAC addresses have been extracted from over 200 samples.
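As an added illustration (not code from the original post or from Kaspersky), the following shows the defender's side of this targeting technique: canonicalizing MAC addresses across the formats they are commonly written in and checking a machine's adapters against a known list of targeted addresses. The target list here is constructed placeholder data, not the real addresses recovered from the samples.

```python
"""Check local network adapters against a list of targeted MAC addresses."""
import re
import uuid

# Constructed placeholder list standing in for the MAC addresses a
# trojanized sample would carry; these are NOT the real targeted values.
TARGETED_MACS = [
    "00-11-22-33-44-55",
    "aa:bb:cc:dd:ee:ff",
    "0A1B2C3D4E5F",
]

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC to 12 uppercase hex digits, regardless of separator or case."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if not _HEX12.match(cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    return cleaned


def build_target_set(macs):
    """Normalize the whole target list so lookups are format-independent."""
    return {normalize_mac(m) for m in macs}


def local_macs():
    """Best-effort MAC of the primary adapter via uuid.getnode().

    If Python could not read a hardware address it returns a random number
    with the multicast bit set; such a value is not a real adapter, so skip it.
    """
    node = uuid.getnode()
    if (node >> 40) & 1:
        return []
    return [f"{node:012X}"]


def find_matches(adapter_macs, targets):
    """Return the canonical adapter MACs that appear in the target set."""
    return sorted({normalize_mac(m) for m in adapter_macs} & set(targets))


if __name__ == "__main__":
    hits = find_matches(local_macs(), build_target_set(TARGETED_MACS))
    print("targeted adapter(s):", hits if hits else "none")
```

On a host with several adapters, feed every interface's address into `find_matches` rather than relying on `local_macs()`, which reports only one.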
The attack stayed undetected for so long because the trojan was signed with the legitimate “ASUSTeK Computer Inc.” certificate and the samples were hosted on the official ASUS update servers.
Over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update, but Kaspersky cannot estimate the real scale of the problem from its own data alone. Another 13,000 machines running Symantec antivirus were also reported to have installed the backdoored ASUS Live Update.
This attack is similar to the CCleaner attack that took place between August and September 2017. Over 2.3 million users downloaded the infected application from the official website, and the malware collected information about the infected system such as its name, installed programs, running processes and IP/MAC addresses, as well as whether the user had administrative privileges and whether the system was 32-bit or 64-bit.
ASUS has been notified by Kaspersky as well as other antivirus companies. An investigation is still underway…