Cybersecurity vendor, Kaspersky Labs, has slammed ASUS for selling over one million PCs with malicious trojanized utilities – claiming it’s “one of the biggest supply chain incidents ever.”
Published to the company’s blog, Kaspersky claims a million ASUS PCs received a malicious software update distributed via official channels.
The news comes over a year after Kaspersky’s own security standards were questioned, with retailers such as Harvey Norman reportedly pulling its products from shelves.
The vendor has since opened a new Swiss data centre to combat spying concerns, and testified before US Congress over its products security in late 2017.
Kaspersky claims the newly discovered ASUS vulnerability is even bigger than the infamous CCleaner debacle.
The cyber-security specialist claims the trojanized utility was signed with a legitimate certificate, and hosted on the official ASUS server dedicated to updates – undetected for a “long time.”
“The criminals even made sure the file size of the malicious utility stayed the same as that of the original one,” remarks Kaspersky.
“Thanks to a new technology in our products that is capable of detecting supply-chain attacks, our experts have uncovered what seems to be one of the biggest supply-chain incidents ever (remember CCleaner? This one’s bigger)”
“A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels.”
The company claims over 57,000 users of Kaspersky Labs products have installed the backdoored utility, however, is estimated to have been distributed to around 1 million people.
After investigating the attack, Kaspersky claims the same technique has been used against software from thee other vendors, with ASUS and the other companies now informed.
“As of now, all Kaspersky Lab solutions detect and block the trojanized utilities, but we still suggest that you update the ASUS Live Update Utility if you use it. Our investigation is still ongoing.”
