DMR News

Kaspersky Says Daemon Tools Supply Chain Attack Is Compromising Thousands Of Windows Computers

By Jolyen

May 7, 2026

Kaspersky said it has identified a malicious backdoor embedded in the Windows version of Daemon Tools, warning that the ongoing supply chain attack is affecting thousands of computers worldwide.

Researchers Describe Widespread Malware Campaign
Kaspersky said telemetry collected from systems running its antivirus software indicates the campaign is widespread and actively targeting Windows users who installed Daemon Tools.

The cybersecurity company linked the operation to a Chinese-language-speaking hacking group based on its analysis of the malware.

According to Kaspersky, attackers used the backdoor inside Daemon Tools to deploy additional malware onto at least a dozen targeted systems across the retail, manufacturing, scientific, and government sectors.

The affected organizations were located in Russia, Belarus, and Thailand.

Backdoor First Detected In April
Kaspersky said the malicious activity was first identified on April 8.

The company stated that the supply chain attack remains active, meaning attackers may still be capable of distributing malware through compromised versions of the software.

Kaspersky said it contacted Disc Soft, the company behind Daemon Tools, but did not indicate whether the developer had taken action at the time of the report.

TechCrunch Finds Malware In Installer File
TechCrunch reported that it downloaded the Windows installer directly from the Daemon Tools website and identified the suspected backdoor using the malware scanning service VirusTotal.

It remains unclear whether the macOS version of Daemon Tools or other applications from Disc Soft were also compromised.

Supply Chain Attacks Continue To Rise
The incident follows several recent supply chain attacks targeting software developers and widely used applications.

This type of attack involves hackers compromising software vendors or developer accounts and distributing malicious code through legitimate software updates, allowing attackers to infect large numbers of systems simultaneously.

Earlier this year, attackers linked to the Chinese government reportedly compromised Notepad++ to deliver malware to organizations connected to East Asia.

Researchers also warned last month about attacks targeting users visiting the website of CPUID, developer of the HWMonitor and CPU-Z utilities.

Disc Soft Says Investigation Is Ongoing
A Disc Soft representative told TechCrunch the company is aware of the report and investigating the matter.

The representative said the company is treating the issue as a high priority and is working to assess risks and respond to any potential security problems, though it has not yet confirmed specific details from Kaspersky’s findings.

