
Do you have an ASUS computer? Hackers have compromised ASUS’s supposedly trusted software update system and injected malware into their customers’ computers.
What happened?
Every ASUS computer has an automatic software update system called “Live Update”. Live Update is pre-installed at the factory on every new computer. Live Update allows ASUS to automatically push and install software updates to their customers’ computers.
Unfortunately, hackers have compromised ASUS itself and used it to send malware to their customers via the Live Update system. Very disturbingly, the malware is cryptographically signed to ‘prove’ that it is (1) originally from ASUS and (2) has not been tampered with since it is released from ‘ASUS’.
Researchers at cybersecurity firm Kaspersky Lab estimated that half a million Windows machines received the malware through the ASUS’s Live Update. However, it appears that the hackers are targeting only 600 of these computers.
Are you safe even if you are not one of the 600?
No. The malware merely stays silent if your computer is one of the 600. However, it is still actively running in your computer and can potentially do more than just staying silent.
What can you do?
Asus has released a press release, saying it has a second “security diagnostic” tool you can use to scan to see if your computer has been affected. Inside the press release, there is a link to download the tool.
After you download the tool, you should check its digital signature to ensure its authenticity before running it. My book has more details on how to check a software’s digital signature.
What happens next?
Kaspersky Lab is still investigating this cybersecurity incident and will release more information soon. If you want to be kept informed about this, please subscribe to our emailing list.