
ASUS Accidentally Distributing Malware


ShadowHammer

Many new ASUS systems have the ASUS Live Update utility. This utility was recently discovered to have been hijacked by malware known as ShadowHammer and has since been distributing that malware to those systems.

This tool is normally used to install drivers for the system and to make it easier for normal users to keep their systems up to date, but it has recently been re-coded to distribute the ShadowHammer malware. The attack occurred between June and November 2018 and was only recently discovered, in January 2019.

A press release from ASUS and Kaspersky discussed their findings and estimated that well over 1 million users may be affected. ShadowHammer was marked as a critical security update by the ASUS Live Update utility and was automatically flagged for installation.

ASUS has addressed this

…and a subsequent, legitimate security update has been released, alongside a diagnostic utility to determine whether your system has been affected.

This type of attack goes to show that even those we trust to make our computers are not safe: the database that the ASUS Live Update utility pulls from is hosted on ASUS’s own servers, which have been scrubbed of the malware.

If you would like to avoid this type of attack in the future, take some time to learn about your systems and how to update them manually. Many manufacturers like ASUS have driver repositories from which you can manually download updated drivers, and you should check them at least once a quarter.

I know what you are thinking: “Well I am going to just uninstall the updater and not update my drivers then”.

This is also a bad idea. Updates are there not only to fix compatibility issues with systems, but also to patch security holes. Attacks like the one mentioned above are meant to target the naive and, for lack of a better term, lazy users.

While legitimate, the Live Update utilities provided by manufacturers are very similar to malware and adware distribution clients. Examples of these are Driver Booster, DriverUpdater, and SlimCleanerPlus. They provide a “path of least resistance” solution to a problem that does not exist. Drivers are not updated often enough to warrant a huge security risk like these updaters.

So if you have one, please uninstall it and run a virus scan just to be sure.
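
One way to check whether any of the utilities named above is installed, as an added PowerShell example that is not part of the original article: it lists the Windows uninstall registrations whose display name matches those programs. The wildcard patterns are assumptions about how each installer registers its name, and `Find-UpdaterUtility` is a hypothetical helper name.

```powershell
# Added example. Program names come from the article; the exact DisplayName
# each installer registers is an assumption, so matching is by wildcard.
$patterns = '*ASUS Live Update*', '*Driver Booster*', '*DriverUpdater*', '*SlimCleaner*'

# Per-machine (64-bit and 32-bit views) and per-user uninstall registrations.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: returns one object per matching installed program.
function Find-UpdaterUtility {
    param(
        [string[]]$Path = $uninstallKeys,
        [string[]]$Pattern = $patterns
    )

    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue |
        Where-Object {
            # Many registrations have no DisplayName; skip those.
            $name = $_.DisplayName
            $name -and ($Pattern | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayName
}

$found = Find-UpdaterUtility
if ($found) {
    # UninstallString shows the vendor's own removal command for each hit.
    $found | Format-List
} else {
    'No matching updater utilities are registered for uninstall on this system.'
}
```

An empty result only means no program registered under those names; it says nothing about whether the system received the malicious update, which is what the ASUS diagnostic utility and a virus scan are for.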

If you are not comfortable doing this yourself, then you can trust us to help you with this.

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in affordable IT Support, IT Service, MAC repair, PC Repair, Virus Removal, web design and much more. Give us a call for remote support or drop in to drop off. Check out what our clients are saying about us on Yelp!