Reference: Advisory #2019-007
Version: 1.0
Affected software: ASUS Live Update Utility (versions older than v3.6.8)
Type: Rootkit (supply-chain compromise)
ASUS systems with the ASUS Live Update Utility (versions older than v3.6.8) installed may be completely exposed to malicious attackers (suspected to be state-sponsored).
Risks: Total loss of data confidentiality, data availability, and data integrity.
In January 2019, Kaspersky Labs discovered a supply chain attack that affects ASUS computers. Malicious actors were able to penetrate ASUS' internal systems and insert malicious code into the ASUS Live Update Utility, which ships with every ASUS system. Normally the ASUS Live Update Utility is used to automatically update software components such as system drivers and supporting applications, as well as to update the system's BIOS/UEFI. This supply chain attack gives attackers the ability to exploit affected ASUS systems for whatever purposes they like, and since it potentially allows them to install malicious BIOS/UEFI firmware, it should be considered essentially a rootkit. Estimates of how many systems were impacted vary between 500,000 and 1,000,000. There is compelling evidence that, at this time, only approximately 600 systems were actively compromised by the attackers (making this appear to be a targeted attack). Nevertheless, all of the other systems that have the poisoned ASUS Live Update Utility installed remain extremely vulnerable.
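To find systems in the affected range, a software inventory export can be triaged against the v3.6.8 threshold. The following is an added example, not part of the original advisory; the CSV column names, hostnames and sample rows are constructed assumptions.

```python
import csv
import io
import re

# Versions older than this are affected, per the advisory.
FIRST_UNAFFECTED = (3, 6, 8)
PRODUCT = "asus live update"  # substring match on the product column (assumed name)

# Constructed sample inventory export; hosts and columns are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,ASUS Live Update,3.4.3
ws-002,ASUS Live Update,v3.6.8
ws-003,ASUS Live Update Utility,3.6
ws-004,ASUS Live Update,3.6.10
ws-005,ASUS Live Update,unknown
ws-006,7-Zip,19.00
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted version."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions ("3.6" -> 3.6.0) so tuples compare component-wise.
    parts += [0] * (len(FIRST_UNAFFECTED) - len(parts))
    return tuple(parts)

def triage(inventory_csv):
    """Map each host running the utility to 'affected', 'ok' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if PRODUCT not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "review"    # unparseable: do not assume it is safe
        elif version < FIRST_UNAFFECTED:
            status = "affected"  # older than v3.6.8
        else:
            status = "ok"        # outside the affected version range
        result[row["host"]] = status
    return result

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Versions are compared as integer tuples, so 3.6.10 is correctly treated as newer than 3.6.8, and entries with an unreadable version are flagged for manual review rather than passed.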