Trojanised / Hacked Asus LiveUpdate (Armory crate?)

Ch3vr0n
Level 10
Hey forum user,

Are you using Asus LiveUpdate (Armory Crate?)? Then I suggest you stop using it and go back (like I do) to the old-fashioned way. Update things yourself by visiting the board website. Here's why you don't WANT it working / shouldn't be using it! Just got this linked by one of my favorite and local tech sites.

Armory Crate / Live Update is a SECURITY RISK and a big one! I've been saying that from the start and disable it immediately on every BIOS update. Need proof?

https://securelist.com/operation-shadowhammer/89992/
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-...


The ball is in your court. Figured everyone deserves to know, if Asus doesn't come out with a statement on these forums on their own.

btrach144
Level 7
The below link breaks it down well. This is a major security event and ASUS is refusing to acknowledge it.

https://www.reddit.com/r/intel/comments/b5cpo7/z390_boards_hackers_hijacked_asus_software/?utm_sourc...

btrach144 wrote:
The below link breaks it down well. This is a major security event and ASUS is refusing to acknowledge it.

https://www.reddit.com/r/intel/comments/b5cpo7/z390_boards_hackers_hijacked_asus_software/?utm_sourc...


I wouldn't expect any acknowledgement here since this forum isn't an official communication channel. The Spectre response was posted on the news & press releases area of the ASUS website so keep an eye there.

From what I understand there were a limited number of targeted users, so as bad as it is, the likelihood is that nobody here was on the list.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

SK8
Level 10
I hate programs like this; I like to go download my drivers the normal way from the site. I don't even allow crap like GeForce Experience on any PC in this house, crap programs fully. Good find and good to know :] Edit... the big question is how does anyone learn on a PC when you use a program to find your drivers etc.? The answer is you don't learn anything, and programs like this are a security risk and keep you dumb on a PC. Just my view.
Bios 602 and did a bios update doh
passed 8hr test on Karhu RamTest
Set to Manual OC
Dram Frequency 4266MHz
Dram voltage 1.45v
CPU VCCIO Voltage 1.25v
CPU System Agent Voltage 1.29v
Dram timing control 17-18-18-38
Mode1
Dram command rate set to 2N set dram current capability to 130%

Or are we just screwed? Shouldn't have been allowed to have taken place in the first place. Everyone in US should complain to Federal Trade Commission per https://www.ftc.gov/system/files/documents/cases/1607asustekcmpt.pdf.

toronto699
Level 13
Anything And Everything Can Be Hacked, One Way Or Another,

Ch3vr0n
Level 10
The amount of targeted users is irrelevant. If it were only 1 (Asus CEO / CFO?) I bet they'd be on their hind legs over this. They need to make a statement, push an update and DISABLE THAT CRAP by default in the BIOS. Or even better, remove it completely from the BIOS. It shouldn't even be in there (Armory Crate), that's Sony rootkit type of stuff. Remember that?

This needs addressing like yesterday!

According to https://securelist.com/operation-shadowhammer/89992/ :

"We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.

Download an archive with the tool (https://kas.pr/shadowhammer)

Also, you may check MAC addresses online. If you discover that you have been targeted by this operation, please e-mail us at: shadowhammer@kaspersky.com."
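
The comparison the quoted Securelist text describes (adapter MAC addresses checked against a fixed list), as an added example that is not part of this thread and is not Kaspersky's tool. It goes slightly beyond the post by reading the MACs out of saved `ipconfig /all` or `ip link` output, so the same check can be run over collected inventory; the indicator list and both sample outputs are constructed from the RFC 7042 documentation range and are not real indicators.

```python
import re

# A 48-bit MAC as 00:00:5e:00:53:1a, 00-00-5E-00-53-1A or 0000.5e00.531a.
# The look-arounds reject six-octet slices of longer hex runs (e.g. a DHCPv6 DUID).
_MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:.-])"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})"
    r"(?![0-9A-Fa-f:.-])"
)
# Placeholder addresses that every host reports and that identify nothing.
_IGNORED = {"000000000000", "ffffffffffff"}

# Constructed sample input (RFC 7042 documentation range), not real indicators.
INDICATORS = ["0000.5e00.531a", "00:00:5E:00:53:FF"]
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Physical Address. . . . . . . . . : 00-00-5E-00-53-1A
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-3B-4C-5D-00-00-5E-00-53-1A
   Link-local IPv6 Address . . . . . : fe80::200:5eff:fe00:531a%12
"""
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    link/ether 00:00:5e:00:53:2b brd ff:ff:ff:ff:ff:ff
"""

def normalize_mac(text):
    """Reduce any common MAC spelling to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits

def extract_macs(tool_output):
    """Collect every adapter MAC found in ipconfig/getmac/ip-link style text."""
    found = {normalize_mac(m.group(1)) for m in _MAC_RE.finditer(tool_output)}
    return found - _IGNORED

def match_indicators(tool_output, indicators):
    """Return the host's MACs that appear on the indicator list, sorted."""
    wanted = {normalize_mac(i) for i in indicators}
    return sorted(extract_macs(tool_output) & wanted)

if __name__ == "__main__":
    for name, text in (("windows-host", SAMPLE_IPCONFIG), ("linux-host", SAMPLE_IP_LINK)):
        hits = match_indicators(text, INDICATORS)
        print(name, "MATCH " + ", ".join(hits) if hits else "no match")
```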

Ch3vr0n wrote:
The amount of targeted users is irrelevant. If it were only 1 (Asus CEO / CFO?) I bet they'd be on their hind legs over this. They need to make a statement, push an update and DISABLE THAT CRAP by default in the BIOS. Or even better, remove it completely from the BIOS. It shouldn't even be in there (Armory Crate), that's Sony rootkit type of stuff. Remember that?

This needs addressing like yesterday!


Not relevant to the need for a response, indeed not. Supposedly Kaspersky has been working with ASUS on this so ASUS should have some idea what is going on and it would be good to release an initial statement even if more investigation is necessary.

But for end users concerned their banking credentials may have been stolen or something equally nefarious it's at least mildly reassuring to know they likely were not the target.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

TimeLion724
Level 8
I always considered that as bloatware.
" The speed of the fallen one does not change..."

GUIDE TO FIXING BSOD ERRORS