It looks like ASUS’s Live Update servers have been compromised and have been pushing malware out to thousands of computers that are configured to download and install these updates automatically. This not only includes PC motherboards, but also pre-built devices like notebooks, desktops, and even Smartphones and IoT devices made by ASUS. Hackers were able to use valid ASUS digital certificates to disguise their malware as legitimate software updates from ASUS.
Kaspersky Labs says that as many as half a million devices have been infected with malware being pushed out by ASUS. Kaspersky Labs says that it had discovered the malware in January 2019 while implementing a new supply-chain technology, and informed ASUS by late January. Kaspersky even sent a representative to meet with ASUS in February. Kaspersky has claimed that ASUS since has been “largely unresponsive since then and has not notified ASUS customers about the issue.”
This definitely is not a good look for ASUS. I would say if you have an ASUS product turn off auto updates and be sure to scan your system for malware etc.