Virus hidden in ASUS Auto-Update tool

We have all heard about people getting their computers hacked and infected by viruses after downloading programs, games, files, and other content from warez sites and torrent sites all around the world. We have also heard about cases in which programs have been infected by malware, spyware and viruses by default, but the most recent case with ASUS is quite interesting.

In the last 24 hours, news has broken that the ASUS auto-update tool was itself infected, which in turn led to thousands of computers getting infected as they used the tool. The Russian cyber-security company Kaspersky broke the news about the virus and about how the hackers used the auto-update tool to install hacker programs on users' computers. Since the auto-update program had permission to install all sorts of programs, the hackers could use it to install further programs on the computers of the targets.

What is interesting is that the hackers haven’t really abused this on a large scale; instead, there seem to have been certain targets (600 in total) that they were after. Who these targets are cannot be known, but all sources writing about the virus and the hackers seem to agree that there were only 600 actual targets. In other words, your computer might have been opened and made available to the hackers through one of the backdoors opened by the virus, but if you haven’t been among the targets, the hackers haven’t taken actual advantage of it.

You can compare this issue to a robber walking around an entire neighborhood in which all the doors are open, so that he can enter every building without being noticed. But he doesn’t enter every single building. Instead, he searches for the exact building that interests him, and thus most people do not suffer, even though the robber could potentially strike them at any time.

Is your computer affected/infected by Shadow Hammer?

The official name of the hack is Shadow Hammer. It might be connected to the ShadowPad malware. The malware checked the MAC address of your computer, and if your MAC address was on the list of targeted devices (600 in total), it would start downloading further backdoor programs to your computer, which would do great harm to your device.

But, is your ASUS device actually infected? You can visit the Kaspersky website, enter your MAC address and find out right away.

Has your ASUS device been targeted by the ShadowHammer attack? Find out!
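An offline version of that check, as an added example that is not Kaspersky's tool or code from this article. It assumes the published target list is a text file with one MD5 digest of the raw six-byte MAC address per line (an assumption about the indicator format, not stated above); the addresses and the list in the demo are constructed.

```python
import hashlib
import re
import uuid

def normalize_mac(text):
    """Return a MAC as 6 raw bytes; accepts ':', '-', '.' or no separators."""
    compact = re.sub(r"[:.\-\s]", "", text.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(compact)

def mac_digest(text):
    # Assumed indicator format: hex MD5 of the six raw address bytes.
    return hashlib.md5(normalize_mac(text), usedforsecurity=False).hexdigest()

def load_indicators(lines):
    """Parse an indicator list: one hex MD5 per line, '#' starts a comment."""
    wanted = set()
    for number, line in enumerate(lines, 1):
        entry = line.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if not re.fullmatch(r"[0-9a-f]{32}", entry):
            raise ValueError(f"line {number}: not an MD5 digest")
        wanted.add(entry)
    return wanted

def targeted_macs(macs, indicators):
    """Return the addresses (as given) whose digest appears in the list."""
    return [mac for mac in macs if mac_digest(mac) in indicators]

def local_mac():
    """Best-effort MAC of this host, or None if Python had to invent one."""
    node = uuid.getnode()
    # A set multicast bit means uuid fell back to a random number.
    return None if (node >> 40) & 1 else f"{node:012x}"

if __name__ == "__main__":
    # Constructed sample data: neither address comes from the real target list.
    sample_list = ["# constructed indicator file", mac_digest("02:00:5e:10:00:01")]
    indicators = load_indicators(sample_list)
    adapters = ["02-00-5E-10-00-01", "0200.5e10.0002"]
    if local_mac():
        adapters.append(local_mac())
    for mac in adapters:
        hit = mac in targeted_macs([mac], indicators)
        print(mac, "ON LIST" if hit else "not on list")
```

A machine usually has several adapters (wired, wireless, Bluetooth), so feed every address reported by `ipconfig /all` or `ip link` into `targeted_macs`, not only the one `local_mac` returns.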

This is just one example of how you cannot trust anyone in today’s digital world. As mentioned earlier in the article, this case reminds us quite a lot of the CCleaner virus that was discovered in 2017. CCleaner, a product of the anti-virus company Avast, came with a malicious backdoor. For more than a month users downloaded this tool, and millions of computers were affected.

How the entire CCleaner hack took place is a really interesting study. Back when the hackers started their job, CCleaner was still a part of Piriform. The hackers managed to hack into some of the computers in the Piriform office using TeamViewer credentials. They then infected the computers with ShadowPad, a tool that let them log keystrokes, carry out DDoS attacks and much more. This gave them great access and insight into the tool.

Then it was time for Piriform to hand over CCleaner to Avast, and not only did Avast get a nice product, they also got an infected product. Luckily, they managed to stop the attack quite fast, but still more than 2 million computers were affected.

But, just like with the ShadowHammer attack, not all the infected computers suffered. Yet again, the hackers wanted to get hold of the enterprises using CCleaner, and it has been said that they managed to infiltrate around 11 enterprises using the hack.

Is there a way to stay safe from such viruses?

Now you might say that a VPN will keep you safe, but that isn’t true. You might say that an anti-virus program will keep you safe, but that doesn’t have to be true either. When a virus comes packed into an accepted package with digital signatures that seem to say that everything is okay, it is hard to discover.

There are, of course, some golden rules that will help you stay clean from viruses, and they include having updated anti-virus software running on your computer. They also include having a VPN with a malware scanner active, and only downloading content from websites that you trust. Another good piece of advice is to keep all your programs and your operating system up to date, but as we can see from the ShadowHammer example, that doesn’t always help you out. But, in most cases, it does!
