Asus Live Update Pushed Malware to 1 Million PCs

Asus sells a lot of laptops, and Kaspersky says a shocking number of those devices were infected with malware last year. The sketchy code didn’t get on those machines via a hacked website or malicious browser extension. No, Asus itself pushed the malware to hundreds of thousands of machines after attackers gained control of the company’s update servers.

The attack, dubbed ShadowHammer, affected many thousands of computers, but it was a highly targeted attack. Kaspersky became aware of the scheme in January when it updated its scanning tools with supply-chain detection technology. A supply-chain attack bundles malware into systems as they are manufactured or sold, or delivers it through a vendor's own update mechanism. ShadowHammer went undetected for so long because it had no immediate effect on most of the infected systems: the attackers were looking for about 600 very specific machines.

According to Kaspersky, the malware arrived on machines for about five months last year, from June to November. Like everything else distributed via the Asus Live Update tool, the programs were signed by Asus and automatically trusted by the system. The program, called “ASUSFourceUpdater.exe,” masqueraded as an update to the Live Update tool, but it was actually an older version of the program trojanized with malware. Russia, Germany, and France had by far the most ShadowHammer infections, followed by Italy and the US.

After installation, the malware scanned the computer’s unique network card MAC address, looking for a match on its embedded list of 600 systems. If the program found a match, it would reach out to a command and control server to download additional malware to take over the computer. So, the attackers knew who they were going after and cast the widest net possible in an attempt to catch them. Kaspersky researchers know the MAC addresses targeted, but we don’t know who owned those systems or how the attackers learned their hardware IDs.
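To illustrate the defender's side of that targeting check, here is an added example (not code from the article, Asus, or Kaspersky) that normalizes a host's MAC addresses and tests them against a target list, much as the lookup page mentioned below lets a user do by hand. Storing the list as SHA-256 fingerprints is an assumption of this example, and every address in it is constructed.

```python
import hashlib
import re


def normalize_mac(mac: str) -> str:
    """Reduce any common MAC spelling (aa:bb:..., AA-BB-..., aabb.ccdd.eeff)
    to 12 lowercase hex digits so that spelling differences cannot hide a match."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def mac_fingerprint(mac: str) -> str:
    """SHA-256 of the normalized address; the list format is an assumption here,
    the article only says the malware carried an embedded list of ~600 systems."""
    return hashlib.sha256(normalize_mac(mac).encode()).hexdigest()


# Constructed target list for demonstration; these addresses are made up.
TARGET_FINGERPRINTS = {
    mac_fingerprint(m) for m in ("00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF")
}


def matched_adapters(local_macs, targets=TARGET_FINGERPRINTS):
    """Return the normalized MACs of local adapters that appear in the target list.
    Strings that are not MAC addresses are skipped so one bad entry does not
    abort the scan of a multi-adapter host."""
    hits = []
    for mac in local_macs:
        try:
            if mac_fingerprint(mac) in targets:
                hits.append(normalize_mac(mac))
        except ValueError:
            continue
    return hits


def host_is_targeted(local_macs, targets=TARGET_FINGERPRINTS) -> bool:
    """True if any adapter on this host is on the target list."""
    return bool(matched_adapters(local_macs, targets))


if __name__ == "__main__":
    # Constructed sample host with three adapters in mixed spellings.
    sample_host = ["aabb.ccdd.eeff", "00-11-22-33-44-66", "invalid"]
    print(matched_adapters(sample_host))  # → ['aabbccddeeff']
```

On a real host the adapter list would come from the operating system (for example `ip link` output) rather than a constructed list; a hit means the machine was among the ~600 the implant would have activated on, not that it is currently compromised.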

Kaspersky believes those behind ShadowHammer also perpetrated the 2017 CCleaner attack. That malware campaign also targeted Asus and could be how the attackers gained access to the Asus servers. Kaspersky will publish a full report on the malware soon, but there’s a summary post already available. Researchers have also put up a page where you can input your MAC address to see if it was on the target list. Kaspersky’s security tools will now detect and remove ShadowHammer as well.
