‘Malware found in Asus update tool also hit game companies’
The malware found on Asus computers last month has also been distributed via Asian game developers and IT companies. That is according to security company Kaspersky, which analyzed the malware.
Kaspersky found new forms of malware that are very similar to the malware found on Asus computers earlier this year. In March, researchers discovered that malware nicknamed ShadowHammer had reached Asus laptops after attackers acquired certificates from the company. Kaspersky says the newly found malware is very similar to that attack.
The new malware also looks for specific configurations and MAC addresses, and if they aren’t found, the malware goes no further. It is not yet known what exactly the malware does. There are also other indications that the malware forms are similar. For example, in both cases they reportedly use the same algorithms to calculate a hash. According to Kaspersky, some of the methods used also have similarities with the attack on CCleaner in 2017.
Kaspersky found the malware in games from a Thai company called Electronics Extreme, which is known for the zombie shooter Infestation. The South Korean company Zepetto, the publisher of another shooter called PointBlank, was also hit. Other companies are also said to have been infected, but Kaspersky does not name them publicly, because they have not yet responded.
ShadowHammer was spread via a so-called supply chain attack, in which one company is infected and its infected software is passed on to customers or users. In the case of Asus, the virus was spread via an update tool. In the new cases, stolen source code from Infestation was used to create and distribute an infected copy of the game. The attack uses forged security certificates, making the updates containing malware appear legitimate.