In a sophisticated targeted espionage operation, hackers infected an enormous number of ASUS computers with malicious software using the company’s online automatic update service.
Kaspersky Lab said it had detected 57,000 infections among its customers with an average estimation of 1 million affected computers from the world’s No. 5 computer company.
The malware was designed to open a “backdoor” for intruders through the infected machines, researchers said.
The company reported, about 50 percent of the affected Kaspersky anti-virus software customers were in Russia, Germany and France, while the U.S. accounted for less than 5 percent.
A Symantec spokeswoman said about 13,000 of its antivirus customers received the malicious updates. The so-called supply-chain attack was first reported by the online news site Motherboard.
Kaspersky said the infected software was on ASUS’s Live Update servers from June to November and was signed with legitimate certificates unable to detect the malware until January where new capabilities were added to its anti-virus software.
The malware was programmed for surgical espionage designed to accept a second malware payload for specific computers based on unique identifiers on their network connections.
Kaspersky further identified that more than 600 computers were programmed to receive the payload with an inactive server.