Symantec, makers of Norton software, told Motherboard that it found another 13,000 computers with the malicious software update utility.
That bumps the tally to 70,000, though the true number could be in the hundreds of thousands, or even millions, as Kaspersky surmises."We saw the updates come down from the Live Update Asus server.
They were trojanized, or malicious updates, and they were signed by Asus," said Liam O’Murchu, director of development for the Security Technology and Response group at Symantec.
Asus may not be the only one affected by this attack.
Kaspersky discovered the "sophisticated supply chain attack" in January of this year and found links to an attack from 2017.
The company says one of the reasons it was able to go undetected all of this time is because the Trojanized updates were signed with legitimate security certificates from Asus, and were hosted on Asus's official update servers.
Asus also said it has implemented a fix in the latest version of Live Update (version 3.6.8), along with multiple security verification mechanisms and enhanced end-to-end encryption."At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future," Asus said.
Finally, Asus released a security diagnostic tool to check if your system is affected.
You may un-check tables used by such plugins to avoid breakage and then update the urls manually for those plugins.
They all refer to an update provided to your user's device by Appflow's Deploy feature.
to automatically assign the build to once it completes successfully.
to the Dashboard, we'll walk through the process of deploying a live update to a device.
The Ionic Deploy feature works by using the installed Appflow SDK in your native application to listen to a particular Deploy Nomenclature note: The terms "Deploy build", "web build", "live deploy" and "live update" can be used interchangeably.