Best Top Reviews Online

The ASUS Software Update Server Has Been Compromised to Distribute Malware

In September 2017, the CCleaner hack was one of the largest supply chain attacks, infecting over 2.3 million users with a backdoored version of the software.

Today, security researchers disclosed another massive supply chain attack that compromised more than a million computers manufactured by ASUS, a Taiwanese tech giant.

In 2018, between June and November, a group of state-sponsored hackers successfully hijacked the ASUS Live automatic software update server and pushed malicious updates that installed backdoors on over one million Windows computers worldwide.

Asus was informed of the ongoing supply chain attack on January 31, 2019, according to cybersecurity researchers from the Russian company Kaspersky Lab, who discovered and dubbed the attack Operation ShadowHammer.

After analyzing over 200 malicious update samples, researchers determined that hackers did not intend to target all users, but rather a specific list of users whose MAC addresses were hardcoded into the malware.

“We were able to extract over 600 unique MAC addresses from more than 200 attack samples. Obviously, there may be additional samples with different MAC addresses in their list “Researchers assert.

Similar to the CCleaner and ShadowPad attacks, the malicious file was signed with legitimate ASUS digital certificates so that it would appear to be an official software update and remain undetected for an extended period of time.

Researchers have not yet attributed the attack to an APT group; however, certain evidence links the most recent attack to the 2017 ShadowPad incident, which Microsoft attributed to the BARIUM APT actors behind the Winnti backdoor.

Researchers state, “Recently, our colleagues from ESET wrote about another supply chain attack in which BARIUM was also involved, which we believe is also connected to this case.”

At least 57,000 Kaspersky users downloaded and installed the version of ASUS Live Update that contained a backdoor, according to Kaspersky.

“We [researchers] are unable to calculate the total number of affected users based solely on our data; however, we estimate that the true scope of the problem is much larger and may affect more than one million users globally,” Kaspersky says.

According to Symantec’s statement to Vice, the company discovered the malware on over 13,000 machines running its antivirus software.

The majority of victims identified by Kaspersky are from Russia, Germany, France, Italy, and the United States, but the malware infected users from all over the world.

Kaspersky has informed ASUS and other antivirus companies of the attack, while an investigation into the matter is ongoing.

The antivirus company has also released an automated tool for users to determine if they have been specifically targeted by the advanced persistent threat ShadowHammer.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of