Breaking News

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported ASUS Announces ExpertCenter P500 SFF Lexar Launches the NM990 PCIe 5.0 SSD DJI Agras T100, T70P and T25P Launches Globally Sony Introduces the RX1R III

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Distributed Malware By Compromising Asus Routers

Hackers Distributed Malware By Compromising Asus Routers

Enterprise & IT May 14,2019 0

ESET researchers have discovered that attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software.

ESET first discovered that the Plead backdoor was digitally signed by a code-signing certificate that was issued to D-Link Corporation back in July 2018.
The Plead malware is a backdoor which, according to Trend Micro, is used by the BlackTech group in targeted attacks. The BlackTech group is primarily focused on cyberespionage in Asia.

At the end of April 2019, ESET researchers utilizing ESET telemetry observed multiple attempts to deploy Plead malware in an unusual way. Specifically, the Plead backdoor was created and executed by a legitimate process named AsusWSPanel.exe. This process belongs to the Windows client for a cloud storage service called ASUS WebStorage. The executable file is digitally signed by ASUS Cloud Corporation.

ESET said that all observed Plead samples had the following file name: Asus Webstorage Upate.exe. The researchers confirmed that the AsusWSPanel.exe module of ASUS WebStorage can create files with such filenames during the software update process.

But how legitimate software could create and execute the Plead malware? A possibility could be an ASUS WebStorage supply-chain attack, under which legitimate ASUS WebStorage binaries were delivered via the same update mechanism. However, ESET says it is not aware that ASUS WebStorage servers are used as C&C servers or have served malicious binaries.The a ttackers used standalone malware files instead of incorporating malicious functionality inside legitimate software.

Another possible explanation could be the fact that the ASUS WebStorage software is vulnerable to a man-in-the-middle attack (MitM). Namely, the software update is requested and transferred using HTTP; once an update is downloaded and ready to execute, the software doesn’t validate its authenticity before execution. Thus, if the update process is intercepted by attackers, they are able to push a malicious update.

According to Trend Micro research, attackers behind the Plead malware are compromising vulnerable routers and even using them as C&C servers for the malware.

ESET's investigation uncovered that most of the affected organizations have routers made by the same producer; moreover, the admin panels of these routers are accessible from the internet. Thus, the researchers believe that a MitM attack at the router level is the most probable scenario.

ESET researchers had notified ASUS Cloud Corporation prior to the public announcement of the issue.

Attackers are constantly looking for new ways to deliver their malware in a stealthier way. Security researchers see that supply-chain and man-in-the-middle attacks are used more and more often by various attackers all around the globe.

Tags: malwareHackingASUSroutersESET
Previous Post
Google Opens European Data Privacy Center in Germany
Next Post
Chinese YMTC to Mass Produce 64-layer 3D NAND Products By This Year End

Related Posts

  • ASUS Announces ExpertCenter P500 SFF

  • ASUS Announces Giveaway Event to Celebrate 30 Years of Graphics Cards

  • ASUS Announces Pro WS Platinum Series Power Supplies

  • ASUS Announces Prime AP202 MicroATX Case and Fans

  • ASUS Announces TUF Gaming Series Five Monitor Range

  • Asus at Computex 2025

  • ASUS Announces ESC A8A-E12U Support for AMD Instinct MI350 Series GPUs

  • ASUS Unveils White GeForce RTX 50 Series Graphics Cards

Latest News

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported
Enterprise & IT

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported

ASUS Announces ExpertCenter P500 SFF
Enterprise & IT

ASUS Announces ExpertCenter P500 SFF

Lexar Launches the NM990 PCIe 5.0 SSD
PC components

Lexar Launches the NM990 PCIe 5.0 SSD

DJI Agras T100, T70P and T25P Launches Globally
Drones

DJI Agras T100, T70P and T25P Launches Globally

Sony Introduces the RX1R III
Cameras

Sony Introduces the RX1R III

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed