Asus Motherboard Owners: Do you have updater installed?

Joined
Mar 10, 2015
Looks like their updater may have been compromised.

https://motherboard.vice.com/en_us/...o-install-backdoors-on-thousands-of-computers

Edit: In case you don't read it, you were likely not a target.

Edit 2:

It does seem like they have been unresponsive and reportedly not notified any customers. Although considering the highly targeted nature, I'm not sure if it matters but pretty rotten not to let people know about it.

Kamluk said Kaspersky notified ASUS of the problem on January 31, and a Kaspersky employee met with ASUS in person on February 14. But he said the company has been largely unresponsive since then and has not notified ASUS customers about the issue.

The attackers used two different ASUS digital certificates to sign their malware. The first expired in mid-2018, so the attackers then switched to a second legitimate ASUS certificate to sign their malware after this.

Kamluk said ASUS continued to use one of the compromised certificates to sign its own files for at least a month after Kaspersky notified the company of the problem, though it has since stopped. But Kamluk said ASUS has still not invalidated the two compromised certificates, which means the attackers or anyone else with access to the un-expired certificate could still sign malicious files with it, and machines would view those files as legitimate ASUS files.
 
Joined
Mar 23, 2016
Neowin said:
To bypass detection by major security solutions, the hackers signed the modified versions of the utility with legitimate digital certificates stolen from ASUS and pushed the trojanized system to the firm's update servers.

According to Kaspersky's findings, each backdoor code has a list of MAC addresses that would scan for a device's unique MAC address and download a malicious payload onto the computer once a match has been found. Out of the hundreds of thousands of potentially affected devices, only 600 specific MAC addresses were targeted by the malware.

Kaspersky researchers also found three other vendors based in Asia whose software was infected with the same backdoor.

The company discovered the malware in January and has since reported it to ASUS and the three other unnamed vendors. Full details of ShadowHammer will be presented at Security Analyst Summit 2019 in Singapore from April 9 to 11.
https://www.neowin.net/news/asus-up...ackdoor-potentially-affecting-1-million-users
 

Space Lynx

don't forget to install their RGB software too! trust us!
 

FreedomEclipse

I don't use any Asus software with my Asus board other than the lighting thing that doesn't even work half the god. damn. time.
 
Joined
Mar 23, 2016
the lighting thing that doesn't even work half the god. damn. time.
Asus's Q&A for software is lacking in quality? No one should be expecting much from any of the name brands.
 
Joined
Mar 24, 2010
What's for sure is their Update never updated a fook!
 
Joined
Jan 4, 2017
This is sounding very nation-statey. Not to bring out the tinfoil hats, but using legitimate certs nefariously seems to be a signature move for advanced persistent threat actors. The targeted nature of the additional payloads also supports this. I think most people are fixated on how poorly ASUS is handling this (legitimate point), but not how scary this seems to be (to me at least).
 

DeaconFrost

I've had mine running for a few months, and it has yet to find an update. BIOS updates are done through the actual BIOS (for me), so I'm thinking of removing the utility completely. I could never find a way to stop it from running at boot, either. That alone makes me not a fan.
 
Joined
Mar 24, 2010
When you uninstall Asus software you still have to check and delete some Folders, Services, Autoruns, and Task Scheduler. Apart from creating "Asus" folders everywhere, they also put a "LightingService" folder out in the open of the main Program folder... etc etc etc
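
A read-only way to list the leftovers described in the post above, plus who signed any executables still on disk. This is an added example, not part of the thread and not ASUS or Kaspersky tooling; the name pattern `asus|LightingService` and the folder roots searched are assumptions.

```powershell
# Read-only audit for ASUS leftovers after an uninstall (nothing is deleted).
# The name pattern and the folder roots are assumptions; adjust for your system.
$pattern = 'asus|LightingService'

# Services whose name, display name or binary path matches
$services = Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, State, StartMode, PathName

# Scheduled tasks whose path, name or launched program matches
$tasks = Get-ScheduledTask |
    Where-Object { "$($_.TaskPath)$($_.TaskName) $($_.Actions.Execute)" -match $pattern } |
    Select-Object TaskPath, TaskName, State

# Autorun entries in the machine-wide and per-user Run keys
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($key in ($runKeys | Where-Object { Test-Path $_ })) {
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notin $psMeta -and "$($_.Name) $($_.Value)" -match $pattern } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}

# Leftover folders directly under the usual install and data roots
$roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:LOCALAPPDATA |
    Where-Object { $_ -and (Test-Path $_) }
$folders = Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern }

# Signer of each executable left behind. 'Valid' alone proves little while a stolen
# certificate is unrevoked, so list the serial to compare with published indicators.
$signers = if ($folders) {
    Get-ChildItem -Path $folders.FullName -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        Get-AuthenticodeSignature |
        Select-Object Path, Status,
            @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } },
            @{ n = 'Serial'; e = { $_.SignerCertificate.SerialNumber } }
}

$report = [ordered]@{ Services = $services; Tasks = $tasks; Autoruns = $autoruns
                      Folders = $folders.FullName; Signers = $signers }
foreach ($name in $report.Keys) {
    "== $name =="
    ($report[$name] | Format-List | Out-String).Trim()
}
```

Run it from an elevated PowerShell prompt so that all services and scheduled tasks are visible.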
 