Hackers have targeted Asus computer owners by pushing a backdoor update software tool from the computer maker’s own servers, Reuters reported.
Russia-based cyber security firm Kaspersky Lab said on Monday that the attack, which took place between June and November 2018, is possibly affecting over a million users all over the world.
Cyber security firm Symantec’s spokeswoman Jennifer Duffourg also confirmed the software supply chain attack against Asus users.
“Based on our analysis, trojanized updates via URIs were deployed by ASUS’ live update server between June and late October 2018. These updates were digitally signed using two certificates from ASUS,” Jennifer Duffourg said.
The hackers were targeting an unknown pool of users, who were identified by their network adapters’ MAC addresses, Kaspersky said.
More than 57,000 Kaspersky users installed the backdoor version of ASUS Live Update, the report said. Kaspersky, a leading cyber security firm, said that they informed Asus about the cyber attack on Jan. 31, 2019.
Asus has shipped 4.211 million PC units during the fourth quarter of 2018, grabbing 6.1 percent share, says research firm Gartner. The PC market share of Asus fell to 6.1 percent in Q4 2018 from 6.6 percent in Q4 2017.
Asus reported 6 percent drop quarter on quarter and 15 percent dip year on year in revenue to NT$88.099 billion in Q4 2018.
Asus earlier indicated that it PC business will be under pressure in H1 2019 due to key component shortage, inventory adjustment on cryptocurrency demand, and an unstable economy with trade conflicts.
Canalys Analyst Ishan Dutt today said shipments of desktops, notebooks and two-in-ones will fall overall in 2019.