Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
5 hours ago
- Daemon Tools was compromised for about a month, with malicious updates signed by the developer's certificate and distributed via its website.
- Infected versions (12.5.0.2421 through 12.5.0.2434) on Windows collect system data like MAC addresses and send it to attacker-controlled servers.
- The attack targeted thousands of machines globally, with follow-on payloads delivered to about 12 select organizations in sectors like retail and government.
- Supply-chain attacks like this are hard to defend against, as they involve legitimate, signed updates; detection often takes weeks or months.
- Kaspersky emphasized the attack's sophistication and urged organizations to check Daemon Tools installations for abnormal activity since April 8.