Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

Security researchers at Kaspersky say they have identified a malicious backdoor planted in the popular and long-running Windows disc imaging software, Daemon Tools. The Russian cybersecurity company said on Tuesday that data collected from computers around the world running the Kaspersky antivirus software shows a “widespread” attack is under way, targeting thousands of Windows computers running Daemon Tools. The hackers, whom Kaspersky has linked to a Chinese-language speaking group based on an analysis of the malware, used the backdoor in Daemon Tools to plant additional malware on a dozen computers across the retail, scientific and manufacturing sectors, as well as government systems. Kaspersky said the hacking of these specific computers implied a “targeted” effort. The company said the targeted organizations are located in Russia, Belarus and Thailand. Kaspersky said the backdoor was first detected on April 8. Kaspersky said it had contacted Disc Soft, the company that maintains Daemon Tools, but did not say if the developer responded or took action. Kaspersky said the supply chain attack is “still active,” suggesting that the hackers can still plant malware on thousands of computers running the disc imaging software. This is the latest in a string of so-called “supply chain” attacks that have targeted developers of popular software in recent months. …