This BIOS updater software download is currently available as version 2.08.04. Compatibility may vary, but it generally runs on Microsoft Windows 10, Windows 8 or Windows 7 desktop and laptop PCs. ASUS Manager Update has been tested for viruses; please refer to the tests on the 'Virus Tests' page. It is published by ASUS. Download ASUS Manager Update. A utility that allows you to save, manage and update the BIOS of your ASUS motherboard so that it benefits from the latest security fixes and features. Read about all things ROG, including gaming, new products, press releases, events, guides, mods, builds, overclocking, and more.
Asus drivers download utility free download - Asus V3800 TWAIN Utility, HP Printer Drivers Download Utility, ASUS Smart Gesture (Touchpad Driver), and many more programs.
Download Asus Zenfone Flash Tool to update, downgrade or flash stock Android firmware on your device. You can also backup apps using this!
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.
ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore. In the meantime, Kaspersky has published some of the technical details on its website.
The issue highlights the growing threat from so-called supply-chain attacks, where malicious software or components get installed on systems as they’re manufactured or assembled, or afterward via trusted vendor channels. Last year the US launched a supply chain task force to examine the issue after a number of supply-chain attacks were uncovered in recent years. Although most attention on supply-chain attacks focuses on the potential for malicious implants to be added to hardware or software during manufacturing, vendor software updates are an ideal way for attackers to deliver malware to systems after they’re sold, because customers trust vendor updates, especially if they’re signed with a vendor’s legitimate digital certificate.
“This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware,” said Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team who led the research. He noted that ASUS denied to Kaspersky that its server was compromised and that the malware came from its network when the researchers contacted the company in January. But the download path for the malware samples Kaspersky collected leads directly back to the ASUS server, Kamluk said.
Motherboard sent ASUS a list of the claims made by Kaspersky in three separate emails on Thursday but has not heard back from the company.
But the US-based security firm Symantec confirmed the Kaspersky findings on Friday after being asked by Motherboard to see if any of its customers also received the malicious download. The company is still investigating the matter but said in a phone call that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS last year.
“We saw the updates come down from the Live Update ASUS server. They were trojanized, or malicious updates, and they were signed by ASUS,” said Liam O’Murchu, director of development for the Security Technology and Response group at Symantec.
This is not the first time attackers have used trusted software updates to infect systems. The infamous Flame spy tool, developed by some of the same attackers behind Stuxnet, was the first known attack to trick users in this way by hijacking the Microsoft Windows updating tool on machines to infect computers. Flame, discovered in 2012, was signed with an unauthorized Microsoft certificate that attackers tricked Microsoft’s system into issuing to them. The attackers in that case did not actually compromise Microsoft’s update server to deliver Flame. Instead, they were able to redirect the software update tool on the machines of targeted customers so that they contacted a malicious server the attackers controlled instead of the legitimate Microsoft update server.
Two different attacks discovered in 2017 also compromised trusted software updates. One involved the computer security cleanup tool known as CCleaner that was delivering malware to customers via a software update. More than 2 million customers received that malicious update before it was discovered. The other incident involved the infamous notPetya attack that began in Ukraine and infected machines via a malicious update to an accounting software package.
Costin Raiu, company-wide director of Kaspersky’s Global Research and Analysis Team, said the ASUS attack is different from these others. “I’d say this attack stands out from previous ones while being one level up in complexity and stealthiness. The filtering of targets in a surgical manner by their MAC addresses is one of the reasons it stayed undetected for so long. If you are not a target, the malware is virtually silent,” he told Motherboard.
But even if silent on non-targeted systems, the malware still gave the attackers a backdoor into every infected ASUS system.
Tony Sager, senior vice president at the Center for Internet Security who did defensive vulnerability analysis for the NSA for years, said the method the attackers chose to target specific computers is odd.
“Supply chain attacks are in the ‘big deal’ category and are a sign of someone who is careful about this and has done some planning,” he told Motherboard in a phone call. “But putting something out that hits tens of thousands of targets when you’re really going only after a few is really going after something with a hammer.”
Kaspersky researchers first detected the malware on a customer’s machine on January 29. After they created a signature to find the malicious update file on other customer systems, they discovered that more than 57,000 Kaspersky customers had been infected with it. That victim toll only accounts for Kaspersky customers, however. Kamluk said the real number is likely in the hundreds of thousands.
The largest share of infected machines belonging to Kaspersky customers (about 18 percent) were in Russia, followed by fewer numbers in Germany and France. Only about 5 percent of infected Kaspersky customers were in the United States. Symantec’s O’Murchu said that about 15 percent of the 13,000 machines belonging to his company’s infected customers were in the U.S.
Kamluk said Kaspersky notified ASUS of the problem on January 31, and a Kaspersky employee met with ASUS in person on February 14. But he said the company has been largely unresponsive since then and has not notified ASUS customers about the issue.
The attackers used two different ASUS digital certificates to sign their malware. The first expired in mid-2018, so the attackers then switched to a second legitimate ASUS certificate to sign their malware after this.
Kamluk said ASUS continued to use one of the compromised certificates to sign its own files for at least a month after Kaspersky notified the company of the problem, though it has since stopped. But Kamluk said ASUS has still not invalidated the two compromised certificates, which means the attackers or anyone else with access to the un-expired certificate could still sign malicious files with it, and machines would view those files as legitimate ASUS files.
This wouldn't be the first time ASUS was accused of compromising the security of its customers. In 2016, the company was charged by the Federal Trade Commission with misrepresentation and unfair security practices over multiple vulnerabilities in its routers, cloud back-up storage and firmware update tool that would have allowed attackers to gain access to customer files and router log-in credentials, among other things. The FTC claimed ASUS knew about those vulnerabilities for at least a year before fixing them and notifying customers, putting nearly a million US router owners at risk of attack. ASUS settled the case by agreeing to establish and maintain a comprehensive security program that would be subject to independent audit for 20 years.
The ASUS live update tool that delivered malware to customers last year is installed at the factory on ASUS laptops and other devices. When users enable it, the tool contacts the ASUS update server periodically to see if any firmware or other software updates are available.
The malicious file pushed to customer machines through the tool was called setup.exe, and purported to be an update to the update tool itself. It was actually a three-year-old ASUS update file from 2015 that the attackers injected with malicious code before signing it with a legitimate ASUS certificate. The attackers appear to have pushed it out to users between June and November 2018, according to Kaspersky Lab. Kamluk said the use of an old binary with a current certificate suggests the attackers had access to the server where ASUS signs its files but not the actual build server where it compiles new ones. Because the attackers used the same ASUS binary each time, it suggests they didn’t have access to the whole ASUS infrastructure, just part of the signing infrastructure, Kamluk notes. Legitimate ASUS software updates still got pushed to customers during the period the malware was being pushed out, but these legitimate updates were signed with a different certificate that used enhanced validation protection, Kamluk said, making it more difficult to spoof.
The Kaspersky researchers collected more than 200 samples of the malicious file from customer machines, which is how they discovered the attack was multi-staged and targeted.
Buried in those malicious samples were hard-coded MD5 hash values that turned out to be unique MAC addresses for network adapter cards. MD5 is an algorithm that creates a cryptographic representation or value for data that is run through the algorithm. Every network card has a unique ID or address assigned by the manufacturer of the card, and the attackers created a hash of each MAC address they were seeking before hard-coding those hashes into their malicious file, to make it more difficult to see what the malware was doing. The malware had 600 unique MAC addresses it was seeking, though the actual number of targeted customers may be larger than this. Kaspersky can only see the MAC addresses that were hard-coded into the particular malware samples found on its customers’ machines.
The Kaspersky researchers were able to crack most of the hashes they found to determine the MAC addresses, which helped them identify what network cards the victims had installed on their machines, but not the victims themselves. Any time the malware infected a machine, it collected the MAC address from that machine’s network card, hashed it, and compared that hash against the ones hard-coded in the malware. If it found a match to any of the 600 targeted addresses, the malware reached out to asushotfix.com, a site masquerading as a legitimate ASUS site, to fetch a second-stage backdoor that it downloaded to that system. Because only a small number of machines contacted the command-and-control server, this helped the malware stay under the radar.
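The hash-and-compare step described above can be turned around by a defender: hash a host's own adapter addresses and check them against hashes pulled from a sample. The sketch below is an added example, not code from Kaspersky or from the article, and it also shows why hashing a MAC address is weak concealment once a vendor prefix is guessed. It assumes the digest is MD5 over the six raw address bytes (the article does not state the encoding), and every address and hash in it is constructed.

```python
import hashlib
import re


def _hex_bytes(text: str, length: int) -> bytes:
    """Strip separators (':', '-', '.') and return exactly `length` raw bytes."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 2 * length:
        raise ValueError(f"expected {length} bytes of hex, got {text!r}")
    return bytes.fromhex(digits)


def mac_digest(mac: str) -> str:
    # ASSUMPTION: MD5 over the 6 raw bytes; the article does not give the encoding.
    return hashlib.md5(_hex_bytes(mac, 6)).hexdigest()


def targeted_adapters(local_macs, target_hashes):
    """Return the local MAC addresses whose digest is on the target list."""
    targets = {h.lower() for h in target_hashes}
    hits = []
    for mac in local_macs:
        try:
            if mac_digest(mac) in targets:
                hits.append(mac)
        except ValueError:
            continue  # ignore malformed inventory entries instead of aborting
    return hits


def recover_macs(target_hashes, oui, suffixes=range(1 << 24)):
    """Search one vendor prefix (OUI) for addresses whose digest is listed.

    A 48-bit MAC is a 3-byte vendor prefix plus a 3-byte serial, so one
    prefix leaves only 2**24 candidates, which is why analysts could
    reverse most of the embedded hashes.
    """
    targets = {h.lower() for h in target_hashes}
    prefix = _hex_bytes(oui, 3)
    found = {}
    for n in suffixes:
        raw = prefix + n.to_bytes(3, "big")
        digest = hashlib.md5(raw).hexdigest()
        if digest in targets:
            found[digest] = ":".join(f"{b:02x}" for b in raw)
    return found


# Constructed sample data. In an investigation these hex strings would be
# extracted from the malicious binary; here they are derived from two
# made-up, locally administered addresses so the example runs offline.
TARGET_HASHES = [mac_digest("02:00:5e:00:01:f4"), mac_digest("02:00:5e:00:0b:b8")]

if __name__ == "__main__":
    inventory = ["02-00-5E-00-01-F4", "02:00:5e:aa:bb:cc", "not-a-mac"]
    print("targeted adapters:", targeted_adapters(inventory, TARGET_HASHES))
    # Small suffix range keeps the demo fast; the default covers the whole OUI.
    print("recovered:", recover_macs(TARGET_HASHES, "02:00:5e", range(4096)))
```
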
“They were not trying to target as many users as possible,” said Kamluk. “They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting.”
Symantec’s O’Murchu said he’s not sure yet if any of his company’s customers were among those whose MAC addresses were on the target list and received the second-stage backdoor.
The command-and-control server that delivered the second-stage backdoor was registered May 3 last year but was shut down in November before Kaspersky discovered the attack. Because of this, the researchers were unable to obtain a copy of the second-stage backdoor pushed out to victims or identify victim machines that had contacted that server. Kaspersky believes at least one of its customers in Russia got infected with the second-stage backdoor when his machine contacted the command-and-control server on October 29 last year, but Raiu says the company doesn’t know the identity of the machine’s owner in order to contact him and investigate further.
There were early hints that a signed and malicious ASUS update was being pushed to users in June 2018, when a number of people posted comments in a Reddit forum about a suspicious ASUS alert that popped up on their machines for a “critical” update. “ASUS strongly recommends that you install these updates now,” the alert warned.
In a post titled “ASUSFourceUpdater.exe is trying to do some mystery update, but it won't say what,” a user named GreyWolfx wrote, “I got an update popup from a .exe that I had never seen before today….I’m just curious if anyone knows what this update would possibly be for?”
When he and other users clicked on their ASUS updater tool to get information about the update, the tool showed no recent updates had been issued from ASUS. But because the file was digitally signed with an ASUS certificate and because scans of the file on the VirusTotal web site indicated it was not malicious, many accepted the update as legitimate and downloaded it to their machines. VirusTotal is a site that aggregates dozens of antivirus programs; users can upload suspicious files to the site to see if any of the tools detect it as malicious.
“I uploaded the executable [to VirusTotal] and it comes back as a validly signed file without issue,” one user wrote. “The spelling of 'force' and the empty details window are indeed odd, but I noticed odd grammar errors in other ASUS software installed on this system, so it's not a smoking gun by itself,” he noted.
Kamluk and Raiu said this may not be the first time the ShadowHammer attackers have struck. They said they found similarities between the ASUS attack and ones previously conducted by a group dubbed ShadowPad by Kaspersky. ShadowPad targeted a Korean company that makes enterprise software for administering servers; the same group was also linked to the CCleaner attack. Although millions of machines were infected with the malicious CCleaner software update, only a subset of these got targeted with a second stage backdoor, similar to the ASUS victims. Notably, ASUS systems themselves were on the targeted CCleaner list.
The Kaspersky researchers believe the ShadowHammer attackers were behind the ShadowPad and CCleaner attacks and obtained access to the ASUS servers through the latter attack.
“ASUS was one of the primary targets of the CCleaner attack,” Raiu said. “One of the possibilities we are taking into account is that’s how they initially got into the ASUS network and then later through persistence they managed to leverage the access … to launch the ASUS attack.”
FRP Hijacker Crack Tool 2019 is a light but powerful tool that allows us to eliminate the FRP lock. This tool is used for all types of FRP lock. Remove the FRP lock 2019 in download mode. It has a Phone dialer to bypass the Google account. ADB enabler and FRP remover feature make it very useful. This function is particularly useful if we are going to get rid of our mobile lock and we want to protect all our private information. We reviewed a series of recommendations to return to leave our Android mobile as the first day.
Factory Reset Protection is part of the security of the smartphone. Google added this system in March 2015 for Android 5.1 Lollipop devices and later versions. If your device has this function enabled – possibly yes – you can restore all of your phone’s settings only with the login credentials used when the phone was brand new.
There are many FRP bypass tools. FRP Hijacker is one of the best to get rid of factory reset protection lock. You can remove the lock with one tap. However, as always in cases of security features, Factory Reset Protection can become your best friend or your worst enemy. Taking into account the number of accounts, passwords, and PINs that we use every day, it is possible that one day you will forget what Google account you used when you set up your phone. Or, for example, bought a used phone and the previous user did not delete the Google account from the Android. What to do then? How to delete a google account from Android? Is there any way to avoid Google verification of the phone?
Features of FRP Hijacker2019 [ frp hijacker by hagard download ]
It’s totally free tool. No need to pay.
Work on all Android smartphone
One tap FRP lock removal
Support for Windows, Mac, and Linux PC
Easy to use
Which devices support Factory Reset Protection?
The general rule is that devices that come from the factory with the Android 5.1 system or a higher version (NOT applicable for phones that are updated) support or should support the Factory Reset Protection feature.
How to avoid FRP?
In short, there is a trick for some phones – it is necessary to start the configuration from a cable / USB-OTG unit, do the factory reset in the Backup configuration and clean all data related to Google accounts. Do the initialization again and the Factory Reset Protection is successfully bypassed, now you can configure your device again.
Factory Reset Protection works on the basis of a common factor in all devices: a Google account registered in the mobile. Therefore, to disable this security simply remove all Google accounts registered in the device (Settings > Accounts). As a protection, it is also recommended to remove the screen lock.
Here are some more specific steps to follow to delete the Google account from your phone:
Download the latest version of the FRP Hijacker file required to make the FRP Google bypass and copy it to your USB storage.
Link your USB flash drive to your phone with the help of an OTG cable
After connecting, you can access the APK file kept on the USB flash drive from your device. Install the APK application on your device using the file explorer.
Once the FRP bypass application is installed, you can work with your phone’s settings.
Select the option ‘Backup and reboot’.
Choose ‘Factory data reset’ and press ‘Reset device’ or ‘Delete all’. This last option will remove everything from your phone, including:
Google account.
System data and applications.
Device configuration.
Downloaded applications.
Music, Images, and all other user data.
Now, the device will restart automatically. After starting the device, follow the instructions on the screen to set up the phone.
If you want to know how to avoid the FRP lock of all smartphones with a PC, you should know that it does not vary from the Google account FRP removal on Lenovo, Asus, and HTC devices. Formatting the Android’s factory security can help the operator set up their handset again and use another account to work with the handset. Most of us probably go to a service center to solve this problem. It is reasonable. This is for the reason that the experts in the customer care know how to bypass the Google Account on the Android phone. It means you have to transfer your smartphone.
Steps to eliminate Factory Reset Protection
You need: Android device, USB OTG cable, software to remove Google FRP, FRP Hijacker installed on both nodes.
What do they do in the service centers to reset the Android phone factory settings remotely? Read the step by step description of the remote factory reset.
Remote reset Google Account FRP with Frp hijacker latest version.
Choose the number of connections and install a special software application. Register an account by clicking on the ‘Registration’ link. It is a normal registration procedure.
Run FRP bypass tool and enter the account.
The owner of the phone will have to install Hijacker on the computer and log in using the credentials created.
Then connect the phone to the computer through the USB cable.
Make sure the device is connected in “Download Mode”. For Samsung devices, it must be turned off first, then press and hold the [Volume up Home Key on Key] buttons at the same time.
The phone will be displayed in the window of both devices.
The owner of the phone must enable USB debugging on the remote device and an ADB shell.
Now the service center specialist can access the phone and restore the factory settings, that is, delete all data from the Google account of the device.
Once the Android factory settings are restored, the owner of the phone can log in using their Google account credentials.
Finally.
FRP Hijacker is the perfect solution to reset Google FRP. In some cases, you need the help of a Service Center.