Asus said on Tuesday it released an update to fix an attack, which according to security researchers at Kaspersky Lab had targeted one million-plus Asus users last year by hijacking the computer maker’s software update system.
The company said “a small number of devices” have been implanted with the malicious code through a sophisticated attack on its Live Update servers.
Moscow-based cyber security provider Kaspersky Lab said on Monday the attack took place between June and November last year and was used to deliver a software update with a “backdoor” that would give hackers access to infected machines.
“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” Kaspersky said in a blog post.
Researchers at cyber security company Symantec were also able to identify the attack against Asus users, a Symantec spokeswoman said.
The attack shows how hackers are able to leverage the size of technology companies and their suppliers to reach large numbers of victims. Kaspersky said that more than 57,000 of its users had downloaded and installed the compromised Asus update but the hackers intended to target a smaller number of unknown victims.
Kaspersky said it informed Asus about the attack in January and was assisting the company with its investigation.