Kaspersky found and reported this.
Thanks to a new technology in our products that is capable of detecting supply-chain attacks, our experts have uncovered what seems to be one of the biggest supply-chain incidents ever (remember CCleaner? This one’s bigger). A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels. [Source]
ASUS Support has nothing published (as of the time of this post) on it that I can find, but I didn't dig, as we have no ASUS computers.