Sometimes, out of curiosity, necessity or ignorance, we end up in areas of the Internet where malware is at home. On those occasions, with a little experience it is easy to dodge the problems, but to do so you have to stay alert for unexpected downloads, misclicks and so on. When we browse the websites of the manufacturers of our components and computers, however, we do so with our defenses down, because we do not expect their drivers to pose any risk to our machine. Unfortunately, it has been discovered that a group of hackers has been tampering with the downloadable files on some official websites, swapping them for malicious software.
Recently, users who had downloaded the Live Update tool from Asus found that the hackers had planted a version that installed backdoors on their computers. More than half a million machines were compromised by this incident, and Asus did everything it could to fix the problem, but the manufacturer is not the only victim. According to a Wired article, the same group is the one that had already infected an old version of the CCleaner cleaning program. They operate by carrying out what are called supply-chain attacks, since their target is the software distribution channel. This hits the nail on the head with what we said above: the user lowers his guard and there is no way to see it coming.
It is estimated that the same group has attacked more than half a dozen company websites in the same way. Security companies have given the group several names: Barium, above all, but also ShadowHammer, ShadowPad or Wicked Panda. All of these names refer to a single group, whose hallmark is this type of attack. A single individual has been ruled out, but researchers are otherwise unclear about who is behind it. Vitaly Kamluk of Kaspersky, the computer security company, warns that “they are infecting trust mechanisms,” and adds: “They are experts in this. With the number of companies whose security they have breached, I believe that there is no other group at their level.”
The curious thing about the group's modus operandi is that, despite its capacity to do a lot of damage, it pursues more modest objectives. For example, of the estimated 600,000 computers infected in the Asus incident, the malware targeted just 600, selected by MAC address. In the case of CCleaner, only 40 of the 700,000 affected received a malicious file. There are many unknowns about these hackers, and not only concerning their identity; it is also unclear how they infiltrate the companies' websites and, above all, whom they want to attack and why. According to Silas Cutler, a researcher at Chronicle, the group could cause more damage than NotPetya, which caused more than 10,000 million in damages. On the other hand, because of the type of attack it is difficult to protect yourself, unless we stop updating our programs and firmware. The best option is to have a decent antivirus program and be careful with what we do online. Take care!