Pirates of building a secret passage for malicious in tool Asus Software Update

ASUS-ZenBook-13-and-14

Revealed a new report about the vulnerability of ” hundreds of thousands ” of computers Asus with official sly to pull updates Asus. Managed the Pirates from getting a digital signature for the tool Asus Live Update through the use of one certificate the code signing of your company’s Taiwanese before being sent to the servers and download a subsidiary of Asus. Hosted servers tool suspicious for several months in the year 2018, the report says.

Adds report from the site Motheboard also been using this tool then the state updates malware to computers Asus that come preinstalled with the tool Asus Live Update. Support site TechCrunch that report a lot after hearing about the attack from the source ” has direct knowledge of the incident ” a few weeks ago.

The discovery of this tool mined for the first time by Kaspersky, a company which believes that it affects more than a million users. Have used the hacker a back door which created the secret in the tool Asus Live Update to send malware to the computers of your users who feel assured that these updates come primarily from the company’s servers Asus directly. Still certificates are awarded for this tool active and has not been cancelled yet, which means that users are still at risk.

The report mentions the possibility of the arrival of Pirates to the certificates Asus your for authentication on the malware through the supply chain network which include developers and sellers from all over the world. These partners develop software components for the company. It is often difficult to figure out attacks that are its command of the supply chain, especially when they are targeting someone from the company or when it is breached the company itself directly.

I didn’t expect the Asus with its customers on this subject so far has not commented on the report as well.

Source.

Leave a Reply

Your email address will not be published. Required fields are marked *