Over 57,000 users, and possibly up to a million, have downloaded and installed a version of the Asus Live Update utility that was poisoned with a backdoor and hosted on the official Asus servers.
What security vendor Kaspersky is calling ShadowHammer was actually an attack targeted at a small number of users. (The investigation is still in progress, Kaspersky said.) According to Kaspersky, the ShadowHammer attack had been detected worldwide, most commonly in Russia and Germany, with about five percent of victims in the United States.
From a security standpoint, the most disturbing aspect of the malware is that it was digitally signed with legitimate security certificates, the stamp of authenticity that would make it indistinguishable from a real update. It was even hosted on Asus servers. The Live Update software can be downloaded from the Asus site, and it also comes pre-loaded on PCs.