Users of the ASUS Live Update beware, you could install backdoor

As Kaspersky lab announced today, users of ASUS hardware are possible targets of hackers attack:

The actors behind ShadowHammer targeted the ASUS Live Update Utility as the initial source of infection. This is a pre-installed utility in most new ASUS computers, for automatic BIOS, UEFI, drivers and applications updates. Using stolen digital certificates used by ASUS to sign legitimate binaries, the attackers have tampered older versions of ASUS software, injecting their own malicious code. Trojanized versions of the utility were signed with legitimate certificates and were hosted on and distributed from official ASUS update servers – which made them mostly invisible to the vast majority of protection solutions.

Read more at Kaspersky lab site:
press-releases | operation-shadowhammer-new-supply-chain-attack

Brink already posted this, so it could be deleted. Sorry

tenforums | windows-10-news/129563-operation-shadowhammer-apt-targeted-asus-live-update-utility

Well now, so my dislike of digital certificates has been vindicated?...

In this case, if they contained the hash of the supplied exe/dll there would not be a problem? ... Smartscreen and most AV's could verify upfront...right?