A few weeks ago we wrote about a particularly concerning malware attack affecting Asus customers. Almost 1 million Asus computer owners are believed to have downloaded and installed malware as part of a regular security software update.
This particular hack is of concern because it used the official Asus update tool to install malware capable of allowing criminals to take control of an infected computer. Because the update appeared to be an official Asus release, most people would have installed the patch without a second thought.
The problem with supply chain attacks
This particular type of hack is known as a ‘supply chain attack’ because it uses official channels to distribute malware. Using an official distribution channel, like the Asus Live Update mechanism, criminals can use the built-in security systems to override protective measures.
Obviously, this makes detecting malware delivered using a supply chain attack very hard to detect. This is particularly true of the Asus malware which had been developed from scratch – it would not have been identified by anti-malware tools which use ‘signatures’ to identify the presence of known viruses and exploits.
Is the Asus malware installed on your computer?
Codenamed ‘ShadowHammer’ by some researchers, the Asus malware was installed on nearly 1 million computers in the second half of 2018. Asus has since removed the compromised files from the Live Update system, to prevent additional infections – but there’s a very real chance that if you own an Asus computer, you may be a victim.
The best way to tell if your computer has been infected is to carry out a scan with a reliable, up-to-date anti-malware tool. Carrying out a scan will help to identify the presence of ShadowHammer and any other infections that have been installed. Download a free trial of Panda Dome here to carry out a scan – and to remove any infections automatically.
Protecting against supply chain infections
Earlier we mentioned the way in which ShadowHammer managed to evade detection by using all new code to bypass signature-detection routines. As cybercriminals become smarter, this is a problem that will render traditional anti-malware tools ineffective in future too.
In fact, it is only with advanced anti-malware tools like Panda Dome which use Machine Learning technologies for detection. Panda Dome actively monitors every process on your computer to understand what is happening under ‘normal’ circumstances. This baseline is then used to compare any new behaviours; if something abnormal is detected, Panda Dome will automatically block the process.
Machine Learning beats traditional signature-based virus detection because it can spot and block suspicious activity long before a patch is released by the anti-malware vendor. If you’re an Asus PC owner – or you just want to avoid falling victim to a supply chain attack – you’ll need a machine learning-based anti-malware tool.