Old 29.03.2019., 19:31   #44
The Exiled
Continuation of the ASUS Live Update + CCleaner story:
Quote:
After admitting that an unknown group of hackers hacked its servers between June and November 2018, ASUS this week released a new clean version of its LIVE Update application (version 3.6.8) and also promised to add "multiple security verification mechanisms" to reduce the chances of further attacks. However, you should know that just installing the clean version of the software update over the malicious package would not remove the malware code from the infected systems. One of the things that makes ShadowHammer so unique is the fact that it uses a mass-infection vector to compromise a select number of targets. By one estimate, up to 1 million ASUS users may have downloaded the malware.

Yet, incredibly, analysis suggests that the real targets may have numbered only a few dozen at a time, and perhaps no more than 600 throughout the life of the entire campaign. In order to achieve this selectivity, the malware computes an MD5 hash of the infected machine’s MAC address (1 - 2). It then compares that against a table of hashes hardcoded into the malware. If there’s a match, the code begins the second stage of the attack by downloading further malware from the attacker’s C2 server. If there isn’t a match – the overwhelming majority of the cases – the malware remains dormant.
Source: The Hacker News and SentinelOne
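The quoted analysis describes the malware taking an MD5 hash of the machine's MAC address and comparing it with a hardcoded table; a defender can run the same comparison over an asset inventory against a published list of target hashes. This is an added example, not part of the original post or the cited articles: the MACs, hashes and hostnames are constructed, and hashing the six raw address bytes is an assumption about the input encoding.

```python
import hashlib
import re

# Constructed sample data: invented for this example, not indicators from the campaign.
SAMPLE_TARGET_MACS = ["00:11:22:33:44:55", "02-AA-BB-CC-DD-EE"]


def normalize_mac(mac: str) -> bytes:
    """Accept colon, dash, dot or bare hex notation and return the 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def mac_md5(mac: str) -> str:
    # Assumption: the hash is taken over the 6 raw address bytes, not the text form.
    return hashlib.md5(normalize_mac(mac)).hexdigest()


def find_targeted(inventory, target_hashes):
    """Return {hostname: [MACs]} for every MAC whose MD5 is in the target list."""
    targets = {h.lower() for h in target_hashes}  # published lists vary in case
    hits = {}
    for host, macs in inventory.items():
        matched = [m for m in macs if mac_md5(m) in targets]
        if matched:
            hits[host] = matched
    return hits


# Stand-in for a published list of target hashes (derived from the sample MACs).
TARGET_HASHES = {mac_md5(m).upper() for m in SAMPLE_TARGET_MACS}

# Constructed asset inventory: hostname -> MAC addresses of all its interfaces.
INVENTORY = {
    "laptop-01": ["00-11-22-33-44-55", "a0:b1:c2:d3:e4:f5"],
    "laptop-02": ["a0:b1:c2:d3:e4:f6"],
    "desktop-07": ["02aa.bbcc.ddee"],
}

if __name__ == "__main__":
    for host, macs in find_targeted(INVENTORY, TARGET_HASHES).items():
        print(f"{host}: MAC(s) on target list: {', '.join(macs)}")
```

Every interface of a host has to be checked, including Wi-Fi and virtual adapters, because a match on any one MAC is enough to select the machine.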