ASUS, a Taiwan-based multinational computer and phone hardware company, admitted yesterday that a hacking group named BlackTech exploited its WebStorage software to install the Plead malware using a router-level Man-in-the-Middle (MitM) attack.
Another report from ESET says that its researchers have recently discovered that the cloud storage service of ASUS was exploited by several hacking groups on multiple occasions to install backdoors on victim computers for espionage-related activities.
ESET states that the malware it detected mainly targeted Asian government firms where ASUS computers were in use, specifically those operating in and around Taiwan.
Generally, malware is distributed through email phishing attacks. But in the case of ASUS cloud storage, a legitimate process called AsusWSPanel.exe, part of the ASUS WebStorage cloud storage client, was seen activating the Plead backdoor.
ASUS's preliminary inquiry and ESET's latest security report have confirmed that hackers were using a man-in-the-middle attack at the router level to exploit ASUS cloud storage victims.
Note: Plead is malware that uses compromised routers as command and control servers for its remote operations.
ASUS is said to have learned about the incident on April 21st this year and contacted its customers with a security concern. After launching a detailed inquiry, it chose to shut down the ASUS WebStorage update server and also 'paused' the issuing of service update notifications until the end of this month.
The electronics vendor had already revamped its cloud host architecture by May 18th and has implemented several proactive security measures to strengthen its data protection.