CHINESE HACKERS BACKDOOR DAEMON TOOLS IN SUPPLY-CHAIN ATTACK
SECURITY DESK | TUE, MAY 5, 2026 | AI-SUMMARIZED FROM 4 SOURCES
Kaspersky reports that Chinese-linked hackers compromised DAEMON Tools installers and delivered a backdoor to thousands of Windows users who downloaded the software from its official website starting April 8.
The cybersecurity firm detected at least a dozen successful infections and thousands of additional infection attempts targeting users of the popular disk virtualization tool. The attack exploited DAEMON Tools' legitimate distribution channels, making it a classic supply-chain compromise.
Victims downloaded trojanized versions of the software directly from official sources, meaning standard security checks may not have flagged the malicious installers. Once installed, the backdoor gave attackers persistent remote access to compromised systems.
Attack Timeline
The campaign ran for approximately one month before detection. Kaspersky identified the initial compromise on April 8, indicating the attackers maintained access to DAEMON Tools' distribution infrastructure for an extended period.
Attribution
Kaspersky attributes the attack to Chinese-speaking threat actors, though the company has not publicly confirmed specific group names or facilities involved. The targeting of a widely used Windows utility suggests the attackers sought broad system access rather than targeting specific organizations.
Response
DAEMON Tools users should immediately verify their installation sources and check systems for signs of compromise. Kaspersky recommends downloading fresh copies only from verified official sources and scanning existing installations with updated security tools.
The incident highlights ongoing risks in software distribution. Even legitimate software channels can be weaponized if attackers gain access to hosting infrastructure or update mechanisms. Users of DAEMON Tools and similar widely distributed utilities should treat this as an urgent security matter.
No statement from DAEMON Tools' parent company Disc Soft has been publicly released regarding the compromise or remediation steps being taken.