Hackers attacked one million-plus Asus users through malicious update

Moscow-based cybersecurity provider Kaspersky Lab said the attack took place between June and November last year


Reuters March 26, 2019
Logos of Taiwanese multinational computer hardware and electronics company Asus are seen during the annual Computex computer exhibition in Taipei, Taiwan June 1, 2016. PHOTO: REUTERS

Hackers were able to deliver malware to the more one million-plus Asus computer owners last year by hijacking the company’s software update system, security researchers said on Monday.

Moscow-based cybersecurity provider Kaspersky Lab said the attack took place between June and November last year and was used to deliver a software update with a “backdoor” that would give hackers access to infected machines.

Pakistani hacker awarded $5,000 for finding bug in Chrome, Firefox

“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” Kaspersky said in a blog post.

Researchers at cybersecurity company Symantec were also able to identify the attack against Asus users, a Symantec spokeswoman said.

Asus said it would provide a statement on Tuesday.

The attack, which was first reported by technology news website Motherboard, shows how hackers are able to leverage the size of technology companies and their suppliers to reach large numbers of victims.

Browser Wars: Google’s Chrome challenging Firefox

Kaspersky said that more than 57,000 of its users had downloaded and installed the compromised Asus update but the hackers intended to target a smaller number of unknown victims.

Kaspersky said it informed Asus about the attack in January and was assisting the company with its investigation.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ