Some of the URLs used to distribute the compromised packages:

- hxxp://liveupdate01.asuscom/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER365.zip
- hxxps://liveupdate01s.asuscom/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER360.zip
- hxxps://liveupdate01s.asuscom/pub/ASUS/nb/Apps_for_Win8/LiveUpdate/Liveupdate_Test_VER359.
In principle, the distribution of victims should match the distribution of ASUS users around the world.

We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.

Also, you may check MAC addresses online.

If you discover that you have been targeted by this operation, please e-mail us at:

IOCs

Kaspersky Lab verdicts for the malware used in this and related attacks:
![asus live update service asus live update service](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/03/22140818/190322-shadowhammer-2.png)
We have contacted ASUS and informed them about the attack on Jan 31, 2019, supporting their investigation with IOCs and descriptions of the malware.

Although precise attribution is not available at the moment, certain evidence we have collected allows us to link this attack to the ShadowPad incident from 2017. The actor behind the ShadowPad incident has been publicly identified by Microsoft in court documents as BARIUM. BARIUM is an APT actor known to be using the Winnti backdoor. Recently, our colleagues from ESET wrote about another supply chain attack in which BARIUM was also involved, that we believe is connected to this case as well.

A victim distribution by country for the compromised ASUS Live Updater looks as follows:

It should be noted that the numbers are also highly influenced by the distribution of Kaspersky users around the world.
According to Gartner, ASUS is the world’s 5th-largest PC vendor by 2017 unit sales. This makes it an extremely attractive target for APT groups that might want to take advantage of their userbase.

Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time. We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide.

The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list.

We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques. The reason that it stayed undetected for so long is partly due to the fact that the trojanized updaters were signed with legitimate certificates (e.g. “ASUSTeK Computer Inc.”). The malicious updaters were hosted on the official liveupdate01s.asuscom and liveupdate01.asuscom ASUS update servers.

Digital signature on a trojanized ASUS Live Update setup installer

Certificate serial number: 05e6a0be5ac359c7ff11f4b467ab20fc
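
A hunting check built on the certificate serial number quoted above, as an added example that is not from the original post or from Kaspersky's tool: it walks a directory (the `$Root` default and the file extensions are assumptions) and reports files whose Authenticode signer certificate carries that serial. Because the certificate is described as a legitimate one, a hit is a triage lead rather than a verdict, and clean files signed with the same certificate will match too.

```powershell
# Added example: report signed files whose signer certificate has the serial
# number given in the text. Run from an elevated prompt to reach protected folders.
param(
    # Assumption: directory to scan; defaults to the current directory.
    [string]$Root = '.'
)

# Serial number taken from the text above. X509Certificate2.SerialNumber is an
# upper-case hex string; PowerShell's -eq compares strings case-insensitively.
$TargetSerial = '05e6a0be5ac359c7ff11f4b467ab20fc'

Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # -LiteralPath avoids wildcard expansion on names containing [ or ].
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert = $sig.SignerCertificate

        # Unsigned files have no signer certificate and are skipped.
        if ($cert -and $cert.SerialNumber -eq $TargetSerial) {
            [pscustomobject]@{
                Path      = $file.FullName
                Subject   = $cert.Subject
                # Status can be Valid even for a trojanized file: the signature
                # proves who signed it, not that the content is benign.
                Status    = $sig.Status
                NotAfter  = $cert.NotAfter
                SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Modified  = $file.LastWriteTimeUtc
            }
        }
    }
```

The SHA256 and modification time in each result are there so matches can be compared against published indicators and against the June to November 2018 window the post gives for the attack.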
In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users.

ASUS Live Update is a utility that is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications.
Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in Singapore, we would like to share some important details about the attack.