Strike Three: Asus Suffers Third Security Incident This Year

Credit: AsusCredit: AsusFor the third time this year, security researchers have revealed yet another Asus security issue. This time, the company’s WebStorage customers are affected.

Asus WebStorage Hacked

Researchers from antivirus company ESET discovered that the Plead malware was being created and executed by what was supposed to be a legitimate process: Asus’s WebStorage program (AsusWSPanel.exe). The executable is digitally signed by Asus Cloud Corporation.

The ESET researchers believe that Asus was the victim either of a supply-chain attack or man-in-the-middle (MITM) attack done by BlackTech, a cyber espionage group that usually has operations against targets in Asia.

A supply-chain attack would mean the hackers were able to send their malicious files alongside legitimate Asus updates. The researchers don’t believe Asus’s own files were infected in this case, just that the same channel

... read more at: https://www.tomshardware.com/news/asus-webstorage-hacked-malware-cybersecurity-flaws,39368.html

Leave a Reply