A 1 May 2019 article on the Institute of Electrical and Electronics Engineers
(IEEE) Spectrum magazine web site reports on work by researchers
at Kaspersky Labs in reverse engineering a sophisticated piece of
malware with the moniker "Operation ShadowHammer" that leveraged
the ASUS Live Update Utility.
ASUS Live Update is a utility that is pre-installed on most ASUS computers
and is used to automatically update certain components such as BIOS,
UEFI, drivers and applications.
The attackers managed to insert their malware into the ASUS Live Update
utility and, as part of an elaborate set of measures to help cover their
tracks, signed it with one of ASUS's own digital certificates.
The malware is designed to target machines with specific pools of MAC
addresses.
A large number of machines have received the trojan.
There are clues that the malware may have originated in China.
Story here :-
https://spectrum.ieee.org/tech-talk/...tware-pipeline
Detailed Kaspersky Labs forensic report here :-
https://securelist.com/operation-sha...-attack/90380/