Asus WebStorage Hacked - 'Strike Three: Asus Suffers Third Security Incident This Year' - Tom's Hardware

[UsandThem]

Asus is having a bit of a rough year when it comes to their security, and you would think the first couple of attacks would have gotten them to put just a little more effort into fixing these easy exploits.

https://www.tomshardware.com/news/asus-webstorage-hacked-malware-cybersecurity-flaws,39368.html

For the third time this year, security researchers have revealed yet another Asus security issue. This time, the company's WebStorage customers are affected.

Researchers from antivirus company ESET discovered that the Plead malware was being created and executed by what was supposed to be a legitimate process: Asus’s WebStorage program (AsusWSPanel.exe). The executable is digitally signed by Asus Cloud Corporation.

Much of Asus’ software continues to be delivered via the insecure HTTP protocol, years after previous researchers have raised the issue. Asus’ WebStorage service is no different, which is why BlackTech (or any other hacking group) should be able to intercept the communication channel between Asus and its customers and then replace Asus’s files with the group’s own malware.