Usually, computer makers and developers advise their users to install updates and download apps from trusted sources, and it usually doesn’t get more trusted than directly from the company themselves, right? Unfortunately, that was not the case with ASUS whose update servers were compromised and used to install backdoors on its own computers.
According to the report from Kaspersky (via Motherboard), it appears that back in 2018, ASUS’ update server was compromised where it allowed hackers to use the company’s own update software to install backdoors on thousands of computers. The files were signed with the company’s own digital certificates which allowed it to pass off as authentic.
The researchers have estimated that this might have affected half a million Windows computers, although oddly enough it appears that the attack was actually aiming at about 600 of those systems. It is unclear why the attackers were targeting those systems particularly, but regardless, it still represents a hole in the system that needs to be fixed.
This is not the first time that update servers have been compromised and used to distribute malware. Microsoft had previously suffered a similar issue where the Flame spyware was distributed through the Windows updating tool. ASUS has yet to comment on the situation despite Motherboard attempting to reach them several times, but presumably, they should be aware of the situation by now.