A Slight Mishap: Asus Unknowingly Loads Malware onto Thousands of Computers


Computers have become an integral part of our lives as humans. Every individual depends on computers in one form or another. We use computers for work, school, and other aspects of our lives. Given how intertwined our lives are with technology, it is incredibly vital for us to protect our computers from malware and viruses that may slow down or even incapacitate our computers.

Malware and viruses are created by individuals who aim to steal your information. In order not to be traced back to its source, some forms of malware even erase your hard drive after it gets what it wants. Luckily, corporations such as McAfee and Kaspersky exist to fight against those deadly viruses and malware, keeping our systems up and running. However, there are instances where a few strands of code can slip into the cracks of security undetected, putting a lot of people at risk.

After getting its servers hacked last year, Taiwanese tech giant Asus unknowingly loaded malware onto thousands of computers during software updates. According to the Russian cybersecurity company Kaspersky, this mishap has the capability to affect at least one million users, if not more.

Upward of 57,000 users installed the malicious backdoor onto their Asus computers after hackers infiltrated servers for Asus’s live software update tool

According to Kaspersky, the malware was signed under a legitimate certificate and was hosted on the Asus server that was dedicated to updates. Not only did this allow the malicious software to remain undetected for a long time, but it also gave it access to multiple users who updated their Asus computers. Asus attempted to minimize the publicity that this mishap gained, stating that the malware only affected a small number of devices. However, the tech company also acknowledged that the hack did happen, and that malware was able to infiltrate their system.

Cleaning up the mess

There were no specifications by Asus as to how many devices were affected by malicious software. The tech company also expressed that while this infiltration occurred, they were making efforts in order to upgrade their software. This was to prevent malicious manipulation in the form that the hackers took. Asus also integrated a multiple security verification mechanism, hoping to be able to ward off other malicious attacks in the future. Along with this, the company also enhanced its end-to-end encryption mechanism following the attack.

Compensation and assistance

In the aftermath of the discovery, Asus customer service representatives have reached out to users who were affected by the malware. They aided in dealing with the malware and assisted in ensuring that this threat to security was removed.

Multiple targets

According to Kaspersky, their investigations and analysis found that the infiltrators had deployed the same techniques against three other companies. However, only Asus has reported the existence of this malware on their software.

Dubbed as “ShadowHammer”, the infiltration and attack on Asus was discovered after Kaspersky added a new supply-chain detection system to the way they scanned software for malware. Representatives from the company state that they will be releasing a full report on the incident in the coming months.

Supply-chain attacks have been gaining traction in the past years, which causes alarm amongst the tech community. This type of attack occurs when malware is installed within systems during production, manufacturing, or assembling processes. The malware may also infiltrate devices through later updates to the software as well.

Constant improvement to both antivirus systems and computer producing corporations is needed in order to give consumers the assurance that their information remains safe. As malware and viruses continue to evolve and become more undetectable, it is the responsibility of both the producers and users to make sure that malicious software does not infiltrate the lives of people who depend so much on computers.

Add comment

Security code