Chinese Hackers Targeted Daemon Tools in Widespread Backdoor Attack
Cybersecurity firm Kaspersky has identified a sophisticated attack in which Chinese-linked hackers planted backdoor malware in Daemon Tools, a popular Windows utility. The company detected thousands of infection attempts and at least a dozen successful compromises after users downloaded compromised versions of the software.
Kaspersky, a leading cybersecurity company, has uncovered a major cyberattack campaign targeting users of Daemon Tools, one of the most widely used Windows system utilities. The investigation revealed that hackers with suspected Chinese connections successfully injected malicious code into legitimate versions of the software, creating a backdoor for unauthorized system access.
The attack operated on a significant scale, with Kaspersky detecting thousands of infection attempts across its monitoring systems. While the exact number of successful compromises remains under investigation, security researchers have confirmed at least a dozen machines where the backdoored software was successfully installed and executed, granting attackers persistent access to infected systems.
Daemon Tools is a legitimate Windows application used by millions of users worldwide for disk image management and virtualization tasks. The compromise of such a widely trusted utility represents a serious supply chain security threat, as users typically install the software without suspicion. Once installed, the backdoor would allow attackers to execute arbitrary code, steal sensitive data, or establish long-term persistence on compromised machines.
Kaspersky's findings highlight the growing risk of supply chain attacks, where threat actors target popular software to reach a broader victim base. The company has not yet disclosed which specific versions of Daemon Tools were compromised or the exact distribution method used to deliver the malicious versions. Users of Daemon Tools are advised to verify the authenticity of their installations and update to the latest patched versions provided by the official developer.