The sophisticated supply-chain attack called Operation ShadowHammer that targeted ASUS users can be linked to the "ShadowPad" threat actor and the CCleaner incident, Kaspersky Lab's security researchers say.

Discovered in January 2019, Operation ShadowHammer relied on a Trojanized version of the ASUS Live Update utility to install a backdoor on specific devices, selected based on their MAC addresses.

Following an initial report last month, Kaspersky Lab has published additional details on their investigation into the attack, revealing that the first attempts to compromise users through the backdoored ASUS Live Update utility took place in June 2018. ASUS has since released software updates to address the issue.

While no official reports on the matter were published, users posted on online forums such as Reddit, complaining of receiving a strange "critical" update for ASUS Live Update. One user even observed that the file was actually dated 2015, thus being much older than the version running on their device, and pointed out that the version of the utility being served to them was known to contain vulnerabilities and to be susceptible to being tricked into executing code.

Kaspersky's investigation indeed revealed that the hackers tampered with a legitimate binary that was initially compiled in 2015. Using legitimate digital certificates, the hackers modified only tiny parts of the file to keep its size and ensure they would not trigger security alerts. The modified binaries included a Trojan downloader designed to fetch and install a backdoor from the file's resources.

The researchers found over 230 samples associated with the attack. Kaspersky detected the Trojanized utility on tens of thousands of devices running its security products, but says that many others might have been affected. The backdoor, however, was meant to be installed on only 600 select devices, identified by their MAC address, the security researchers say.

The investigation revealed that the attackers targeted the users of multiple vendors, although they appear to have focused on specific ones. One of the targeted MAC addresses was shared by all users of a virtual Ethernet adapter created by a Huawei USB 3G modem, model E3372h.

While investigating the incident, Kaspersky also stumbled upon similar supply-chain incidents that involved video games, with some information on the case shared publicly by ESET in a March 2019 report. The injection methods differed between the ASUS and the video games incidents. The backdoor in the non-ASUS-related cases was straightforward, designed to check whether it has administrative privileges and to gather various information from the infected machine.
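The two observations above, a "critical" update whose link time was years older than the installed build, and a binary altered in only a few bytes so that its size stayed the same, are both things an updater or an endpoint check can test for before running a download. The following added example (not ASUS, Kaspersky or SecurityWeek code) reads the COFF `TimeDateStamp` from a PE image, flags a candidate whose link time predates the currently installed build, and verifies the file's SHA-256 against a set of known-good hashes instead of trusting size or a valid signature alone. The PE images, the installed-build time and the known-good hash set are constructed for the example.

```python
"""Added example: sanity checks an updater could run on a downloaded binary.

Constructed minimal PE images stand in for the real files; nothing here is
vendor code. The installed-build time and the known-good hash set are
assumptions made for the demo.
"""
import hashlib
import struct
from datetime import datetime, timezone

DOS_HEADER_SIZE = 64
PE_SIGNATURE = b"PE\0\0"


def build_minimal_pe(timestamp: int, payload: bytes = b"") -> bytes:
    """Construct a minimal PE-shaped buffer (DOS header + COFF header) for testing.

    Only the fields the checks below read are meaningful; a real image also has
    an optional header, sections and (for signed files) an Authenticode blob.
    """
    dos = bytearray(DOS_HEADER_SIZE)
    dos[0:2] = b"MZ"
    # e_lfanew at offset 60: the PE header starts right after the DOS header
    struct.pack_into("<I", dos, 60, DOS_HEADER_SIZE)
    coff = struct.pack(
        "<HHIIIHH",
        0x8664,      # Machine: x86-64
        1,           # NumberOfSections
        timestamp,   # TimeDateStamp: link time, seconds since the Unix epoch
        0, 0,        # PointerToSymbolTable, NumberOfSymbols
        0,           # SizeOfOptionalHeader
        0x0022,      # Characteristics: executable image, large-address-aware
    )
    return bytes(dos) + PE_SIGNATURE + coff + payload


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (Unix epoch seconds) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE image: missing PE signature")
    # COFF header follows the 4-byte signature; TimeDateStamp is 4 bytes into it
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return timestamp


def iso_utc(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def assess_update(candidate: bytes, installed_build_ts: int, known_good_sha256: set) -> dict:
    """Flag a downloaded 'update' that is a downgrade or whose hash is unknown.

    File size is deliberately not used as evidence: a binary altered in a few
    bytes keeps its size, and a valid signature on an old, vulnerable build
    says nothing about whether it should be installed now.
    """
    findings = []
    ts = pe_timestamp(candidate)
    if ts < installed_build_ts:
        findings.append(f"link time {iso_utc(ts)} predates installed build {iso_utc(installed_build_ts)}")
    digest = hashlib.sha256(candidate).hexdigest()
    if digest not in known_good_sha256:
        findings.append("SHA-256 is not in the known-good set: contents differ from every vetted build")
    return {"link_time": iso_utc(ts), "sha256": digest,
            "suspicious": bool(findings), "findings": findings}


# Constructed sample data for the demo (assumed values, not real vendor binaries)
INSTALLED_BUILD_TS = 1527811200                                   # 2018-06-01T00:00:00Z
REFERENCE = build_minimal_pe(1420070400, b"A" * 64)               # pristine 2015 build
TAMPERED = build_minimal_pe(1420070400, b"A" * 60 + b"EVIL")      # same size, 4 bytes changed
CURRENT = build_minimal_pe(1529020800, b"B" * 64)                 # legitimate 2018-06-15 build
KNOWN_GOOD = {hashlib.sha256(REFERENCE).hexdigest(), hashlib.sha256(CURRENT).hexdigest()}

if __name__ == "__main__":
    for name, image in (("current", CURRENT), ("tampered", TAMPERED), ("old-pristine", REFERENCE)):
        print(name, assess_update(image, INSTALLED_BUILD_TS, KNOWN_GOOD))
```

Run as a script, the pristine 2015 build is still flagged once (a downgrade relative to the installed build) even though its hash is vetted, the tampered copy is flagged twice (downgrade plus unknown hash) despite being byte-for-byte the same length as the pristine file, and the newer legitimate build passes. Against real files the same `pe_timestamp` call works on the bytes of any PE, but the known-good set has to come from a manifest obtained independently of the update server being checked.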