Asus has released an update to fix an attack, which according to security researchers had targeted one million-plus Asus users last year by hijacking the computer maker's software update system.
The vendor said "a small number of devices" have been implanted with the malicious code through a sophisticated attack on its Live Update servers.
“Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organisations or entities instead of consumers,” wrote Asus, via a company media statement.
“Asus Live Update is a proprietary tool supplied with Asus notebook computers to ensure that the system always benefits from the latest drivers and firmware from Asus.”
Asus said the customer service team has been “reaching out” to affected users and providing assistance to ensure that the security risks are removed.
“Asus has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism,” the company added.
“At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
“Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution.”
Moscow-based cyber security provider Kaspersky Lab said the attack took place between June and November last year and was used to deliver a software update with a "backdoor" that would give hackers access to infected machines.
(Reporting by Vibhuti Sharma in Bengaluru; Editing by Sriraj Kalluvila)