Kaspersky: Popular Daemon Tools app backdoored via malicious updates
- Source
- Ars Technica
- Time
- 10:11 PM
- Weight
- 94/100
Kaspersky has reported a monthlong supply-chain attack targeting Daemon Tools, a popular utility for mounting disk images. Starting in early April, malicious updates were distributed directly from the developer's official servers, affecting Windows versions 12.5.0.2421 through 12.5.0.2434.
Because the installers were signed with legitimate digital certificates, the compromise was particularly difficult to detect, allowing the malware to infect thousands of machines across more than 100 countries. The malware initially functions as an information collector, harvesting data such as MAC addresses, hostnames, and running processes.