Cops issue advisory to ASUS users

List steps to identify if a device has been infected by malware

March 27, 2019 12:54 am | Updated 12:54 am IST - Mumbai

Human hand with magnifying glass found spam email with skull and cross bones computer virus on laptop computer. Vector illustration cybercrime concept design.

Human hand with magnifying glass found spam email with skull and cross bones computer virus on laptop computer. Vector illustration cybercrime concept design.

The Maharashtra Cyber Department has issued an advisory warning users of ASUS, a reputed computer manufacturer that came under attack earlier this month.

The Cyber police officers said the attack, named Operation ShadowHammer, affected the ASUS Live Update Utility, which automatically downloads updates for its systems and applications. Officials said the attack created back doors in the computers using a MAC address.

A Cyber police officer said, “The MAC address is a unique code used to connect a computer to a network. The trojans sent out by the perpetrators of Operation ShadowHammer had a table of MAC addresses preloaded in them and devices with matching MAC addresses were infected.” The officer said security experts had identified at least 600 MAC addresses encoded in the ShadowHammer trojans and the attack affected over one million devices.

To deal with the security risk posed by ShadowHammer, the Maharashtra Cyber Department, through its Twitter handle @MahaCyber1, put out a detailed advisory listing the steps to be taken to identify if a device has been infected by the malware. The advisory also put up a link to a tool developed in collaboration with the Kaspersky Lab to guide owners of infected devices on the future course of action. The officer said, “Only ASUS Windows devices are believed to have been affected by the attack. The advisory has given every step in detail and can be followed easily.”

A Kaspersky official added, “According to our research, threat actors behind ShadowHammer have targeted users of ASUS Live Update Utility by inserting a back door over a period of several months [between June and November 2018]. We estimate the attack may have affected more than a million users worldwide. Kaspersky Lab reported the issue to ASUS in January.”

ASUS said that Advanced Persistent Threats are national-level attacks initiated by a couple of specific countries, targeting certain international organisations or entities instead of consumers.

The computer manufacturer said the ASUS Live Update Utility is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS.

‘In touch with users’

The firm said, “A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.