Kaspersky said the attack, which took place between June and November 2018, is possibly affecting over a million users all over the world.
Cyber security firm Symantec's spokeswoman Jennifer Duffourg also confirmed the software supply chain attack against Asustek users.
"Based on our analysis, trojanized updates via URIs were deployed by ASUS' live update server between June and late October 2018. These updates were digitally signed using two certificates from ASUS," Duffourg said.
The hackers were targeting an unknown pool of users, who were identified by their network adapters' MAC addresses, Kaspersky said.
More than 57,000 Kaspersky users installed the backdoor version of ASUS Live Update, the report said. Kaspersky said they informed Asustek about the attack on January 31, 2019.
Asustek did not immediately respond to Reuters request for comment.