ASUS Live Update driver utility was hijacked to install malware on thousands of computers
Computer and electronics manufacturer ASUS finds itself in a difficult position today following its confirmation of malware hijacking its Live Updater driver utility.
“We saw the updates come down from the Live Update ASUS server. They were trojanized, or malicious updates, and they were signed by ASUS."
ASUS today put out a press release confirming Motherboard's report. Alongside the admission, ASUS stated the following:
"ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future. "
ASUS also created a diagnostics tool for users worried about being impacted. The tool can be downloaded from the following URL: https://dlcdnets.asus.com/pub/ASUS/nb/Apps_for_Win10/ASUSDiagnosticTool/ASDT_v220.127.116.11.zip