Introduction
This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS Live Update, a utility that automatically updates system components such as BIOS, UEFI, drivers and applications. The malicious version included a backdoor trojan that reaches out to a C2 server to download additional payloads. It is estimated that at least half a million people installed the backdoored version of ASUS Live Update after an ASUS server that delivers the tool was compromised. Because the malicious file was signed with legitimate ASUS digital certificates, security tools allowed the malware through.
Article Link: http://blog.morphisec.com/asus-supply-chain-attack