TAIPEI, AFP : Taiwanese laptop maker Asus unknowingly pushed malware to thousands of computers after one of its servers was hacked last year, potentially affecting more than one million people, Russian cybersecurity firm Kaspersky Lab said. 

More than 57,000 people installed the malicious backdoor on their Asus computers after hackers attacked a server for the company’s live software update tool, Kaspersky said in an article posted on its website on Monday. 

“The trojanised utility was signed with a legitimate certificate and was hosted on the official Asus server dedicated to updates, and that allowed it to stay undetected for a long time,” the firm said. 

“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” it added. 

The Moscow-based firm said that its ongoing investigation found that hackers had deployed the same techniques against software from three other companies. 

Kaspersky uncovered the Asus attack, which it dubbed “ShadowHammer”, in January after adding a new supply-chain detection technology to its scanning tool and is planning to release a full report on it next month. 

The incident highlights the growing threat from so-called “supply-chain attacks” where malware is installed on systems during the manufacturing or assembling process or through later updates, analysts say. 

Hackers attacked one million-plus Asus users through malicious update