ASUS Admits Its Live Update Utility Was Backdoored by APT Group [bleepingcomputer]
by CIRT Team
ASUS confirmed today that its Live Update utility was indeed infected with malicious code by an advanced persistent threat (APT) group, as part of a supply chain attack that compromised some of its servers.
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” says ASUS.
The company also said that “only the version of Live Update used for notebooks has been affected,” and that all other devices are unaffected by the supply chain attack.
Additionally, ASUS states that its “customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”
As detailed in the press release, the company fixed the issue in the ASUS Live Update tool’s 3.6.8 release by adding a number of security check mechanisms designed to block “malicious manipulation” via updates or any other methods.
To block further attacks targeting its servers, ASUS says that it “updated and strengthened our server-to-end-user software architecture.”
The company also announced that it provides “an online security diagnostic tool,” available for download, which allows ASUS customers to check whether their computers have been impacted by the APT campaign.
Customers who discover that their machines have been affected are advised to “Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer.”
ASUS adds: “In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.” Users who want to check whether they have the malware-free ASUS Live Update tool can do so by following the instructions ASUS has published.