Asus Live Update Utility tool hijacked to spread malware to ‘about 1 million’

Security software vendor Kaspersky estimates that a compromised version of Asus’s Live Update Utility software has been rolled out to around a million devices.

Live Update Utility is freeware which is installed on most Asus laptop and desktop PCs, and can be set up to automatically scan for and install BIOS, UEFI, and software updates.  

Kaspersky claims that the attack, dubbed ‘ShadowHammer’ worked along similar lines to the 2017 CCleaner hack –  a ‘trojanized’ version of the utility was signed with a certificate and successfully passed off as a legitimate version. It then sat on the official Asus server before being rolled out to customers.

Kaspersky says that at least 57,000 users installed the compromised software, but estimates that the full reach of the malware is greater, closer to a million – though the attacker or attackers were apparently only interested in 600 customers on the list.

Related: Best free antivirus

According to Motherboard’s Kim Zetter, who broke the story, Kaspersky spotted the attack in January after launching new supply-chain detection technology, but Norton antivirus makers Symantec not only confirmed the findings, but pointed out that 13,000 devices belonging to its customers were infected by the software update last year.

Even more worryingly, Kaspersky says that the same trojan technique has been used against software from three other companies.

Related: Best VPN 2019

Kaspersky says it’s notified Asus and suggests that all users update Live Update Utility if you use it. The company has also released a tool which lets you enter your device’s MAC addresses and check to see if you’ve been affected. 

Asus had not responded to Kaspersky or Motherboard and, at the time of publication, had not responded to Trusted Reviews’s requests for comment.

Do you own an Asus laptop or desktop and do you use Live Update Utility? Let us know @TrustedReviews.