Widely Used Daemon Tools Disk App Backdoored in Monthlong Supply-Chain Attack
Kaspersky said the attack can still deliver malware to thousands of Windows computers through a compromised software update.
- Kaspersky identified a supply-chain attack involving trojanized Daemon Tools installers for Windows, which has remained active since April 8 and impacted thousands of systems globally.
- Hackers linked to a Chinese-language speaking group compromised official software installers to deliver malicious payloads; this follows similar 'supply chain' attacks targeting Notepad++ and CPU-Z.
- The malware deploys an information stealer, while a more complex backdoor dubbed QUIC RAT targets government, scientific, and manufacturing organizations in Russia, Belarus, and Thailand.
- Disc Soft, the developer of Daemon Tools, is investigating the report, while Kaspersky urges users to scan their machines for abnormal activity occurring on or after April 8.
- Supply-Chain attacks continue to threaten organizations through compromised software updates, with Kaspersky warning that the campaign remains "still active" and poses ongoing risk.
19 Articles
19 Articles
Hackers used Daemon Tools' own website to silently install backdoors on thousands of PCs for nearly a month
Cybersecurity researchers at Kaspersky found that the attack compromised multiple versions of Daemon Tools, from 12.5.0.2421 through 12.5.0.2434. What made the campaign particularly difficult to detect was that the malicious installers were distributed directly from the official website and signed with legitimate digital certificates belonging to AVB Disc Soft, the...Read Entire Article
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed malicious updates from the servers of its developer, researchers said Tuesday. Kaspersky, the security firm reporting the supply-chain attack, said it began on April 8 and remained active as of the time its post went live. Installers that are signed by the developer’s official digital certificate and downloaded from its website…
TechCrunch
unstore.com.npKaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack
The cybersecurity company says it's seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software.
Daemon Tools, a popular application for mounting disk images, was at the center of an attack on the supply chain that distributed malicious updates for about a month from its developer's own servers, compromising thousands of computers and allowing the installation of back doors on selected targets. *** Kaspersky indicated that versions 12.5.0.2421 to 12.5.0.2434 of Daemon Tools were distributed with malware from official channels. The campaign …
Coverage Details
Bias Distribution
- 80% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
