Breaking News

CORSAIR Unveils Platinum-rated HXi SHIFT PSUs with iCUE LINK System Hub and PCIe 5.1 support Panasonic Announces Limited Drop of LUMIX S9 Titanium Gold Edition Models in Europe be quiet! raises the bar with the new Dark Power 14 power supply series be quiet! elevates compact cooling with Pure Rock Slim 3 Toshiba First in Industry to Verify 12-Disk Stacking Technology for Hard Drives

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Distributed Malware By Compromising Asus Routers

Hackers Distributed Malware By Compromising Asus Routers

Enterprise & IT May 14,2019 0

ESET researchers have discovered that attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software.

ESET first discovered that the Plead backdoor was digitally signed by a code-signing certificate that was issued to D-Link Corporation back in July 2018.
The Plead malware is a backdoor which, according to Trend Micro, is used by the BlackTech group in targeted attacks. The BlackTech group is primarily focused on cyberespionage in Asia.

At the end of April 2019, ESET researchers utilizing ESET telemetry observed multiple attempts to deploy Plead malware in an unusual way. Specifically, the Plead backdoor was created and executed by a legitimate process named AsusWSPanel.exe. This process belongs to the Windows client for a cloud storage service called ASUS WebStorage. The executable file is digitally signed by ASUS Cloud Corporation.

ESET said that all observed Plead samples had the following file name: Asus Webstorage Upate.exe. The researchers confirmed that the AsusWSPanel.exe module of ASUS WebStorage can create files with such filenames during the software update process.

But how legitimate software could create and execute the Plead malware? A possibility could be an ASUS WebStorage supply-chain attack, under which legitimate ASUS WebStorage binaries were delivered via the same update mechanism. However, ESET says it is not aware that ASUS WebStorage servers are used as C&C servers or have served malicious binaries.The a ttackers used standalone malware files instead of incorporating malicious functionality inside legitimate software.

Another possible explanation could be the fact that the ASUS WebStorage software is vulnerable to a man-in-the-middle attack (MitM). Namely, the software update is requested and transferred using HTTP; once an update is downloaded and ready to execute, the software doesn’t validate its authenticity before execution. Thus, if the update process is intercepted by attackers, they are able to push a malicious update.

According to Trend Micro research, attackers behind the Plead malware are compromising vulnerable routers and even using them as C&C servers for the malware.

ESET's investigation uncovered that most of the affected organizations have routers made by the same producer; moreover, the admin panels of these routers are accessible from the internet. Thus, the researchers believe that a MitM attack at the router level is the most probable scenario.

ESET researchers had notified ASUS Cloud Corporation prior to the public announcement of the issue.

Attackers are constantly looking for new ways to deliver their malware in a stealthier way. Security researchers see that supply-chain and man-in-the-middle attacks are used more and more often by various attackers all around the globe.

Tags: malwareHackingASUSroutersESET
Previous Post
Google Opens European Data Privacy Center in Germany
Next Post
Chinese YMTC to Mass Produce 64-layer 3D NAND Products By This Year End

Related Posts

  • ASUS Unveils ProArt PA401, PA602 Wood Edition PC Cases with Retro Colors

  • ASUS Announces ExpertCenter PN54-S1 Mini PC

  • ASUS Announces ExpertCenter P600 AiO

  • ASUS Announces Turbo Radeon AI Pro R9700 32GB Graphics Card

  • ASUS Unveils ProArt Displays, PC Solutions, and More at IBC 2025

  • ASUS Announces ExpertCenter P700 Series

  • ASUS Announces TUF Gaming BE9400 Tri-Band WiFi 7 Router

  • Announcing ASUS NUC 15 Performance

Latest News

CORSAIR Unveils Platinum-rated HXi SHIFT PSUs with iCUE LINK System Hub and PCIe 5.1 support
PC components

CORSAIR Unveils Platinum-rated HXi SHIFT PSUs with iCUE LINK System Hub and PCIe 5.1 support

Panasonic Announces Limited Drop of LUMIX S9 Titanium Gold Edition Models in Europe
Cameras

Panasonic Announces Limited Drop of LUMIX S9 Titanium Gold Edition Models in Europe

be quiet! raises the bar with the new Dark Power 14 power supply series
PC components

be quiet! raises the bar with the new Dark Power 14 power supply series

be quiet! elevates compact cooling with Pure Rock Slim 3
Cooling Systems

be quiet! elevates compact cooling with Pure Rock Slim 3

Toshiba First in Industry to Verify 12-Disk Stacking Technology for Hard Drives
Enterprise & IT

Toshiba First in Industry to Verify 12-Disk Stacking Technology for Hard Drives

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Noctua NF-A12x25 G2 fans

Noctua NF-A12x25 G2 fans

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed