Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process that belongs to the Windows client for ASUS WebStorage, the cloud-based storage service developed by the ASUS Corporation. In fact, all Plead samples observed by ESET had the name “Asus Webstorage Upate.exe.”

In their analysis of these attack attempts, the Slovakian security firm said it believes that one of two things might have happened. But ESET discounted this possibility based on three observations: the same update mechanism delivered legitimate ASUS WebStorage binaries, there’s no evidence of the ASUS WebStorage binaries having acted as C&C servers or delivered malicious binaries, and the attack attempts themselves delivered standalone malicious files not hidden in legitimate software. The more likely situation in the minds of ESET’s researchers is that bad actors used MitM attacks and vulnerable routers to deliver the malware.