Yet another supply chain attack.
These attacks are dangerous. The update appears genuine for any and all checks that one would perform to NOT get malware on your devices.
Attackers distributed hardware vendor updates for Asus computers. The updates were signed with valid digital certificates belonging to the vendor. If you have an Asus computer and allow updates or performed an update earlier this year you may have installed the update with malware.
In this case, from what is known thus far, the instance known checks for a specific list of MAC addresses. You can check your MAC against this list at this link.
Asus has yet to notify their customers.
No comments:
Post a Comment