Asus confirmed on Tuesday that “a small number of devices” had been affected by the ShadowHammer malware attack which was masquerading as a security update.
“A highly sophisticated cyberattack designed to look like a routine software update misled more than 57,000 Asus laptop owners, mostly in Russia, into installing malware that granted “backdoor” access to their computers”, says the security company Kaspersky Lab.
Now, Asus says it has a fix in the form of an actual security update which goes as “latest version (ver. 3.6.8) of the Live Update software”— one that can be downloaded using its Live Update software tool.
In addition, the company says it has a second “security diagnostic” tool that you can use to scan to see if your computer has been affected. “We encourage users who are still concerned to run it as a precaution,” reads part of the company’s press release, which includes a link to the software.
While the fix is reassuring, but also raises valid questions as to why the systems weren’t locked down earlier. Update tools are considered to be prime targets for hackers precisely because they’re both trusted and have deep access to the operating system — tight security is necessary to prevent an intruder from hijacking the process.