Security experts at Kaspersky have uncovered a malicious backdoor embedded within the widely used Windows disc imaging software, Daemon Tools. This alarming discovery indicates a "widespread" cyberattack targeting numerous Windows systems globally, as reported by the Russian cybersecurity firm.
According to Kaspersky's findings, the backdoor was first detected on April 8 and has been linked to a group of hackers identified as Chinese-speaking. This group has utilized the backdoor to deploy additional malware on various systems, including those in the retail, scientific, and manufacturing sectors, as well as governmental organizations. The targeted nature of these attacks suggests a deliberate and strategic approach.
The affected organizations are located in Russia, Belarus, and Thailand, highlighting the international scope of this cybersecurity threat. Kaspersky has reached out to Disc Soft, the developer behind Daemon Tools, although it remains unclear if the company has responded or taken any remedial actions. The ongoing supply chain attack indicates that the hackers still possess the capability to introduce malware to thousands of systems using the software.
This incident is part of a growing trend of so-called "supply chain" attacks, where hackers compromise software developers to distribute malicious code through legitimate updates. Such tactics enable them to infiltrate a vast number of computers simultaneously, posing significant risks to users who rely on these applications.
Earlier this year, similar tactics were observed when hackers affiliated with the Chinese government commandeered the popular text editor Notepad++ to distribute malware to various organizations. Security analysts also reported another incident involving the website of CPUID, which produces the widely used HWMonitor and CPU-Z tools.
In a proactive measure, Kaspersky tested the Windows installer from Daemon Tools' official website, confirming the presence of the backdoor through the VirusTotal malware scanner. However, it remains uncertain whether the macOS version of Daemon Tools was also compromised or if other applications from Disc Soft are affected.
A representative from Disc Soft has acknowledged awareness of the situation and stated that they are currently investigating the matter. They emphasized that the company is prioritizing user security and is committed to addressing any potential risks associated with this incident.
As the digital landscape evolves, the implications of such cyber threats underscore the importance of robust cybersecurity measures. The ongoing developments in this case may serve as a catalyst for enhancing security protocols across the software industry, ultimately fostering a safer environment for users worldwide.
