U.S. Markets close in 2 hrs 47 mins

Hackers attack over a million Asustek users through backdoor software update

FILE PHOTO: Logos of Taiwanese multinational computer hardware and electronics company Asus are seen during the annual Computex computer exhibition in Taipei, Taiwan June 1, 2016. REUTERS/Tyrone Siu

(Reuters) - Hackers targeted "hundreds of thousands" of Asustek computer owners by pushing a backdoor update software tool from the computer maker's own servers, cyber security firm Kaspersky Lab said on Monday.

Kaspersky said the attack, which took place between June and November 2018, is possibly affecting over a million users all over the world.

Cyber security firm Symantec's spokeswoman Jennifer Duffourg also confirmed the software supply chain attack against Asustek users.

"Based on our analysis, trojanized updates via URIs were deployed by ASUS' live update server between June and late October 2018. These updates were digitally signed using two certificates from ASUS," Duffourg said.

The hackers were targeting an unknown pool of users, who were identified by their network adapters' MAC addresses, Kaspersky said.

More than 57,000 Kaspersky users installed the backdoor version of ASUS Live Update, the report said.

Kaspersky said they informed Asustek about the attack on Jan. 31, 2019.

Asustek did not immediately respond to Reuters request for comment.


(Reporting by Vibhuti Sharma in Bengaluru and Angela Moon in New York; Editing by James Emmanuel)