For anyone who has an Asus
A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels.
The trojanized utility was "signed with a legitimate certificate and was hosted on the official ASUS server" dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.
holy f*ck. doesn't big company check their shit before releasing no more?
I like what she said, not what it means.