ASUS cloud service spotted sending backdoors again

Less than two months later, security researchers have once again caught an ASUS cloud service delivering backdoors. This time the WebStorage service and its client software were compromised, and the BlackTech hacker group used them to install the Plead malware on victims' computers. More precisely, the Japanese security vendor Trend Micro considers Plead a tool of the BlackTech group, which allows the attackers to be attributed with some confidence. BlackTech specializes in cyber espionage; its targets are believed to be government institutions and companies in Southeast Asia. The recent ASUS WebStorage hack is linked to the group's activity in Taiwan.


Plead activity in the ASUS WebStorage program was discovered at the end of April by ESET researchers. Previously, BlackTech distributed Plead through email phishing and through routers with unpatched vulnerabilities. The latest attack was unusual: the attackers injected Plead into ASUS Webstorage Upate.exe, the company's own software-update tool, and the backdoor was then launched by the proprietary, trusted ASUS WebStorage program.

According to the researchers, the attackers were able to plant a backdoor in ASUS utilities because the updater fetched files over unprotected HTTP, which made a so-called man-in-the-middle attack possible. An update request and the file transfer from ASUS servers over HTTP can be intercepted, and infected files delivered to the victim instead of the trusted software. At the same time, the ASUS software has no mechanism to verify the authenticity of a downloaded program before executing it on the victim's computer. Intercepting updates is possible from compromised routers, and for that the negligence of administrators who leave default settings in place is enough: most of the routers in the attacked network came from the same manufacturer and still used factory-set logins and passwords, which are hardly a secret. Either fix on its own would have raised the bar: serving updates over HTTPS denies an on-path attacker the ability to rewrite the download, and verifying a code signature before execution catches a swapped binary even when the channel itself is compromised.
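The following is an added illustration of the failure described above, not code from the article, from ESET, or from ASUS. It simulates the whole exchange offline: a vendor signs an update with an Ed25519 key, an on-path attacker (the compromised router) swaps the payload, a client modelled on the behaviour described here runs whatever arrives, and a hardened client checks a detached signature against a pinned publisher key before running anything. The vendor/client names, the key scheme and the sample "installer" and "backdoor" byte strings are all constructed for the example; the real ASUS updater used a different mechanism.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the client downloads: the installer bytes plus a detached
// signature. The signature covers SHA-256(payload), so any change to the
// payload invalidates it.
type Update struct {
	Payload   []byte
	Signature []byte
}

// Vendor models the publisher's release process (hypothetical, not ASUS's).
// The private key stays with the vendor; clients only ever see the public key.
type Vendor struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewVendor() (*Vendor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vendor{priv: priv, Pub: pub}, nil
}

// Publish signs a release. The digest is signed rather than the raw bytes so
// the same scheme works for large binaries.
func (v *Vendor) Publish(installer []byte) Update {
	digest := sha256.Sum256(installer)
	return Update{Payload: installer, Signature: ed25519.Sign(v.priv, digest[:])}
}

// MITM models the compromised router on the victim's path. Over plain HTTP it
// can rewrite the download at will; it replaces the installer with a backdoor
// and forwards the original signature unchanged, because it cannot forge one.
func MITM(u Update, backdoor []byte) Update {
	return Update{Payload: backdoor, Signature: u.Signature}
}

// VulnerableClient mirrors the behaviour the article describes: whatever bytes
// arrive are treated as the update and handed straight to execution.
func VulnerableClient(u Update) []byte {
	return u.Payload
}

// HardenedClient verifies the detached signature against a pinned publisher key
// before anything runs. A swapped payload no longer matches and is rejected.
func HardenedClient(pinned ed25519.PublicKey, u Update) ([]byte, error) {
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinned, digest[:], u.Signature) {
		return nil, errors.New("update rejected: signature does not verify under pinned publisher key")
	}
	return u.Payload, nil
}

// Scenario runs the full exchange and reports whether each client ended up
// executing the backdoor. The byte strings are constructed stand-ins.
func Scenario() (vulnerableRanBackdoor, hardenedRanBackdoor bool, err error) {
	vendor, err := NewVendor()
	if err != nil {
		return false, false, err
	}
	legit := []byte("WebStorage updater v1.2 (constructed sample installer)")
	backdoor := []byte("Plead loader (constructed sample, not real malware)")

	signed := vendor.Publish(legit)
	tampered := MITM(signed, backdoor)

	vulnerableRanBackdoor = bytes.Equal(VulnerableClient(tampered), backdoor)

	got, verr := HardenedClient(vendor.Pub, tampered)
	hardenedRanBackdoor = verr == nil && bytes.Equal(got, backdoor)

	// The hardened client must still accept the genuine, untampered release.
	if _, e := HardenedClient(vendor.Pub, signed); e != nil {
		return vulnerableRanBackdoor, hardenedRanBackdoor, e
	}
	return vulnerableRanBackdoor, hardenedRanBackdoor, nil
}

func main() {
	v, h, err := Scenario()
	fmt.Printf("vulnerable client executed backdoor: %v\n", v)
	fmt.Printf("hardened client executed backdoor:   %v (err=%v)\n", h, err)
}
```

The point of pinning the public key in the client is that the check does not depend on the transport: even if the whole HTTP exchange is rewritten by the router, the attacker cannot produce a signature that verifies. HTTPS alone closes the on-path rewrite but still leaves the client trusting the server's contents; signature verification closes the second gap, which is why both are normally used together.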

ASUS Cloud responded promptly to the vulnerability and updated the mechanisms on its update server. Nevertheless, the company encourages users to scan their computers for malware.

Source: 3dnews.ru
