ShadowHammer attack: ASUS unknowingly distributed malware with official updates for nearly six months

“The ShadowHammer attack compromised one of ASUS’ servers that rolled out software updates, affecting nearly 500,000 Windows devices in all.”

ASUS, one of the world’s most popular PC and component manufacturers, was seemingly distributing malware through official software updates for nearly six months. The attack, which reportedly affected over half a million devices across the world, has been named ShadowHammer and was spotted by Kaspersky Lab. According to the report, hackers compromised one of the ASUS servers, specifically the one used to roll out software updates to all ASUS products.

After compromising and gaining access to the server, the group of hackers inserted malware into the software, which was then pushed out as updates. The malicious updates went undetected for such a long duration because they bore the ASUS digital certificate, appearing authentic to any security verification tool. This essentially installed a backdoor into every laptop and PC that installed the update and gave the hackers direct access to these machines. The malware was built to search for its targets using the devices’ MAC addresses. However, Kaspersky’s researchers state that only about 600 devices were targeted by the attackers.


It is not entirely clear why only a small subset of users was targeted in this attack. While the purpose of the attack seems to be rather specific, how the compromised data was used is not clear as of now. The nature of the ShadowHammer attack, however, puts into perspective the overall cybersecurity threat that is gradually rising through a wide variety of hacks. Companies are increasingly being targeted to spread malware disguised as genuine software that users will see no harm in installing on their devices.

The ShadowHammer attack could have had many severe consequences had the hackers exploited all the devices. The severity of attacks such as NotPetya, which spread across the world, exposed the heightened risk that advanced cyber warfare poses to multiple industries. The ShadowHammer attack was spotted at the end of 2018, and researchers have stated that it has since been patched.