Kaspersky Suspects Chinese Hackers Planted Door in Daemon Tools in “Widespread” Attack

Security researchers at Kaspersky say they have discovered a malicious vulnerability planted in the popular and long-running Windows disk imaging program, Daemon Tools.

Russian cybersecurity company he said on Tuesday that data collected from computers around the world running Kaspersky’s antivirus software shows a “widespread” attack is underway, targeting thousands of Windows computers running Daemon Tools.

The hackers, whom Kaspersky linked to a Chinese-speaking team based on malware analysis, used Daemon Tools behind the scenes to plant additional malware on dozens of computers in retail, scientific and manufacturing sectors, as well as government systems. Kaspersky said the hacking of these computers meant a “deliberate” effort.

The company said that the planned subsidiaries are located in Russia, Belarus, and Thailand.

Kaspersky said the backdoor was first discovered on April 8.

Kaspersky said it contacted Disc Soft, the company that maintains the Daemon tools, but did not say whether the developer responded or took any action. Kaspersky said the attack chain is “still active,” meaning hackers could still plant malware on thousands of computers running the software.

This is the latest in a series of so-called “supply chain” attacks that have targeted popular software developers in recent months. Hackers are targeting the accounts of developers who use widely used code and software, and are exploiting the opportunity to push malicious code to anyone who relies on that software. This technique allows attackers to infect many computers at once while their malicious code is presented as an executable program.

At the beginning of this year, hacking cooperated with the Chinese government hacked the popular text editor Notepad++ sending malware to several organizations with interests in East Asia. Security researchers also warned of another attack last month targeting the same users visited the CPUID websitewhich produces the popular tools HWMonitor and CPU-Z.

TechCrunch downloaded the Windows installer from the Daemon Tools website, and the file appeared it has a backdoor where we saw it was the online malware VirusTotal.

It is not known if the MacOS version of Daemon Tools was affected, or if other programs made by Disc Soft are affected.

Asked for comment, a representative for Disc Soft said it was “aware of the report and is investigating the situation.”

“Our team is taking action on this matter and is working diligently to analyze and resolve the issue. At this time, we cannot confirm the information mentioned in the report. However, we are doing everything necessary to solve the possible problems and ensure the safety of our users,” said the representative.

Do you know more about a cyberattack targeting Daemon tool users? Have you received an antivirus warning that you are infected? We want to hear from you. To contact this reporter securely, access the Signal username zackwhittaker.1337.