A security alert issued by Russian Cybersecurity firm Kaspersky Lab says that all those using Asus computers around the world are vulnerable to software supply chain cyber attack. The research firm said on Monday that an Asus software update which took place between June and November’18 could have potentially opened up an exploiting backdoor for hackers.
Jennifer Duffourg, the spokeswoman for Symantec confirmed the news and added that ASUS users using the company’s computing devices could have fallen prey to trojanized updates called Shadowhammer made through URIs during Asus Live Update server sessions in between June- Nov’18.
“For some reason, the hackers were seen targeting an unknown section of users, identified through Mac addresses”, said Ms. Jennifer.
According to the info available to Kaspersky, more than 57,000 users of Asus computers could have fallen prey to fraudulent Asus live updates.
Kaspersky has already disclosed the issue to Asus through proper channel on January 31st, 2019. But since the authorities failed to acknowledge, the security firm decided to go public and alert all ASUS laptops users as a precautionary measure.
Note 1- Gartner says that Asus has reportedly shipped more than 4.2 million PC units in the 4th quarter of 2018. Means, it has clasped over 6.1 percent PC market share which is predominantly occupied by Microsoft.
Note 2- In October 2018, Asus made an official statement that its PC business will take a negative hit in H1 2019 due to issues like components shortage and inventory regulations as per the Cryptocurrency demand and due to trade conflicts hitting economies of countries with which it does business.