Kaspersky Discovers a Backdoor in Daemon Tools and Raises Alarm on Ongoing Global Attack
An investigation conducted by Kaspersky researchers has led to the discovery of a possible compromise of the well-known software Daemon Tools, used for managing disk images (ISO). According to what has emerged, a malicious backdoor has been inserted into the program and used to launch a large-scale attack involving thousands of computers.
Data collected through the company's protection systems indicate that the operation is still ongoing and shows the typical characteristics of a supply chain attack. This type of threat directly targets software developers or distribution channels, allowing attackers to spread malicious code through seemingly legitimate updates. In this case, the identified backdoor would allow the attackers to install additional malicious components on the affected devices.
Code analysis suggests that the authors of the attack are connected to a Chinese-speaking group. Although the spread is extensive, some intrusions appear to have been targeted: a dozen systems belonging to organizations in commercial, scientific, manufacturing, and even governmental sectors have been selectively compromised. The entities involved are mainly located in Russia, Belarus, and Thailand.
Further Details on Kaspersky's Discovery of the Backdoor in Daemon Tools
The presence of the backdoor was first identified on April 8, but the threat has yet to be neutralized. Experts have reported the issue to Disc Soft, the company responsible for the development of Daemon Tools. The company has confirmed that it is aware of the situation and has initiated internal checks, but has not provided definitive details on the causes or any countermeasures already adopted.
Further independent checks have reinforced suspicions: the installation file downloaded from the official site and analyzed via the VirusTotal service appears to contain suspicious code. It is still unclear whether the macOS version or other products from the same developer have been involved.
This incident is part of a series of recent attacks that have targeted popular software. Previously, tools such as Notepad++ and CPUID utilities, including CPU-Z and HWMonitor, had been used to distribute malware through official channels.