Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly to install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. “We saw the updates come down from the Live Update ASUS server. Although most attention on supply-chain attacks focuses on the potential for malicious implants to be added to hardware or software during manufacturing, vendor software updates are an ideal way for attackers to deliver malware to systems after they’re sold, because customers trust vendor updates, especially if they’re signed with a vendor’s legitimate digital certificate. “We saw the updates come down from the Live Update ASUS server. Instead, they were able to redirect the software update tool on the machines of targeted customers so that they contacted a malicious server the attackers controlled instead of the legitimate Microsoft update server.