Credit: AsusFor the third time this year, security researchers have revealed yet another Asus security issue. This time, the company’s WebStorage customers are affected.
Asus WebStorage Hacked
Researchers from antivirus company ESET discovered that the Plead malware was being created and executed by what was supposed to be a legitimate process: Asus’s WebStorage program (AsusWSPanel.exe). The executable is digitally signed by Asus Cloud Corporation.
The ESET researchers believe that Asus was the victim either of a supply-chain attack or man-in-the-middle (MITM) attack done by BlackTech, a cyber espionage group that usually has operations against targets in Asia.
A supply-chain attack would mean the hackers were able to send their malicious files alongside legitimate Asus updates. The researchers don’t believe Asus’s own files were infected in this case, just that the same channel