Users infected via software update utility.
Kaspersky Lab researchers have uncovered a large-scale attack against ASUS users in which a software update utility was modified and used to distribute malware.
The researchers said investigations into the attack – dubbed Operation ShadowHammer – are “still ongoing”, though they expect to publish a detailed technical paper and present their findings at a security conference in Singapore in mid-April.
Kaspersky said the attack “seems to be one of the biggest supply-chain incidents ever” and estimated that a million people may have been exposed to the malware.
However, only a small number of users appeared to be of any interest to the attackers.
“They targeted only 600 specific MAC addresses,” the researchers said in a blog post early on Tuesday.
Kaspersky researchers said they had detected the attack in January this year “thanks to a new technology in our products”. The attack was live “between June and November 2018.”
“A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels,” the researchers said.