Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign affecting more than a million computer users worldwide. Between at least June and November 2018, Operation ShadowHammer targeted users of the ASUS Live Update Utility, injecting a backdoor.
Each backdoor's code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network. Once running on a victim’s device, the backdoor verified its MAC address against this table.
If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity. In total, security experts were able to identify more than 600 MAC addresses hardcoded into the malware.
A blog summarizing the attack can be found on Securelist.
https://shadowhammer.kaspersky.com/
--
ASUS ROG Strix GL703GS, GTX 1070 8GB, 32GB RAM, 1920x1080 144Hz G-Sync laptop screen, external monitor UWQHD 3440x1440 Mi Monitor, NVMe 4x, 8BitDo Arcade Stick, EasySMX X10 controller, ROG Strix Carry mouse
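
Because the backdoor only acted on machines whose MAC address was in its table, a defender with a published target list can triage a fleet by comparing adapter inventories against it. The following is an added example, not code from Kaspersky or from the original post; the function names, the sample hosts and the MAC values (taken from the RFC 7042 documentation range) are constructed, and it assumes the target list is available as plain MAC addresses.

```python
import re

# MACs written as 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b"
)

def normalize_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def extract_macs(tool_output):
    """Collect every MAC found in free-form adapter listings."""
    return {normalize_mac(m.group(0)) for m in MAC_RE.finditer(tool_output)}

def targeted_hosts(inventory, target_list):
    """Map hostname -> sorted MACs that appear on the target list."""
    targets = {normalize_mac(t) for t in target_list}
    hits = {}
    for host, tool_output in inventory.items():
        matched = extract_macs(tool_output) & targets
        if matched:
            hits[host] = sorted(matched)
    return hits

# Constructed sample data (RFC 7042 documentation MAC range), not real indicators.
SAMPLE_TARGETS = ["00:00:5E:00:53:0A", "0000.5e00.53ff"]
SAMPLE_INVENTORY = {
    "ws-01": "Physical Address    Transport Name\n00-00-5E-00-53-0A   Ethernet\n",
    "ws-02": "2: eth0: <BROADCAST>\n    link/ether 00:00:5e:00:53:1b brd ff:ff:ff:ff:ff:ff\n",
    "sw-03": "Vlan1    0000.5e00.53ff    DYNAMIC    Gi0/1\n",
}

if __name__ == "__main__":
    for host, macs in targeted_hosts(SAMPLE_INVENTORY, SAMPLE_TARGETS).items():
        print(host, ", ".join(macs))
```

A match means only that the adapter was on the target list; whether the compromised updater actually ran on that host still has to be established separately.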