Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack


Security researchers at Kaspersky say they have identified a malicious backdoor planted in the popular and long-running Windows disc imaging software, Daemon Tools.

The Russian cybersecurity company said on Tuesday that data collected from computers around the world running the Kaspersky antivirus software shows a “widespread” attack is under way, targeting thousands of Windows computers running Daemon Tools.

The hackers, whom Kaspersky has linked to a Chinese-language speaking group based on an analysis of the malware, used the backdoor in Daemon Tools to plant further malware on a dozen computers across the retail, scientific and manufacturing sectors, as well as government systems. Kaspersky said the hacking of these specific computers implied a “targeted” effort.

The company said the targeted organizations are located in Russia, Belarus and Thailand.

Kaspersky said the backdoor was first detected on April 8.

Kaspersky said it had contacted Disc Soft, the company that maintains Daemon Tools, but did not say if the developer responded or took action. Kaspersky said the supply chain attack is “still active,” suggesting that the hackers can still plant malware on thousands of computers running the disc imaging software.

This is the latest in a string of so-called “supply chain” attacks that have targeted developers of popular software in recent months. Hackers are increasingly taking aim at the accounts of developers who work on widely used code and software, and abusing that access to push malicious code to anyone who relies on the software. This approach lets the hackers break into a large number of computers at once when their malicious code is delivered as a software update.

Earlier this year, hackers associated with the Chinese government hijacked the popular text editing software Notepad++ to deliver malware to a number of organizations with interests in East Asia. Security researchers also warned of another attack last month targeting users who visited the website of CPUID, which makes the popular HWMonitor and CPU-Z tools.

TechCrunch downloaded the Windows installer from Daemon Tools’ website, and the file appeared to contain the backdoor when we checked it with the online malware scanner service VirusTotal.

It’s not known if the macOS version of Daemon Tools was compromised, or if other apps made by Disc Soft are affected.

When contacted for comment, a Disc Soft representative said they are “aware of the report and are currently investigating the situation.”

“Our team is treating this matter with the highest priority and is actively working to assess and address the issue. At this stage, we are not in a position to confirm specific details referenced in the report. However, we are taking all necessary steps to remediate any potential risks and to ensure the security of our users,” the representative said.

Do you know more about the cyberattack targeting Daemon Tools users? Did you receive an antivirus alert saying you were affected? We want to hear from you. To contact this reporter securely, reach out via Signal username zackwhittaker.1337.
