https://applealmond.com/posts/50107

世界知名的臺灣電腦製造商華碩，聽到這個消息恐怕高興不起來了。根據防毒軟體公司「卡巴斯基」的報告，有駭客透過華碩的更新伺服器，來幫無數華碩電腦安裝後門。卡巴斯基表示，駭客的惡意文件使用了合法的華碩數位證書，使後門看起來就像正常的軟體更新。

https://www.kaspersky.com/blog/shad...r-teaser/26149/

Thanks to a new technology in our products that is capable of detecting supply-chain attacks, our experts have uncovered what seems to be one of the biggest supply-chain incidents ever (remember CCleaner? This one’s bigger). A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels.



套裝電腦、筆電，只要有裝live update的都有可能中鏢