Asus WebStorage Cloud Backup Update Service Used to Install Malware on Users’ PCs,

Security researchers at Eset have reported that Asus' online WebStorage cloud service has been used to distribute malware thanks to a security flaw in the desktop client's automatic updater. By exploiting an insecure HTTP connection and faulty code signing checks, attackers were able to distribute and execute software that installs a backdoor known as Plead on affected computers. The Plead malware is a simple backdoor that infects PCs and then downloads additional malware, which is added to the Windows startup routine so that it is executed every time the infected PC is booted up.

According to Eset, the malware was discovered on computers in Taiwan belonging to its clients, and the issue could be far more widespread. Beginning in April, the company started detecting infected files being downloaded automatically onto PCs by the Asus WebStorage updater, which is a legitimate Windows background service. The attackers were able to trick the software into downloading the malware from a compromised Taiwanese government server rather than a genuine update from Asus's own servers. Asus' software was not verifying the digital signatures of the updates it received, according to Eset reseracher Anton Cherepanov.

Eset says it notified Asus about the issue before going public with the information. In response, Asus has published a notice on its WebStorage site, saying it shut down the WebStorage update server as a precaution, and has since implemented new security measures, but recommends that users run their own virus scans immediately to be sure that they are safe.