Kaspersky Detects Backdoor Attack in Daemon Tools Affecting Windows Users

Kaspersky Suspects Chinese Hackers Planted Backdoor in Daemon Tools

Kaspersky researchers have uncovered what appears to be a major supply chain cyberattack involving the popular Windows software Daemon Tools. According to the cybersecurity company, hackers allegedly inserted a malicious backdoor into the disc imaging software, potentially affecting thousands of Windows users worldwide.
Source: TechCrunch Report

What Happened in the Daemon Tools Cyberattack?

Security experts say the attackers used the compromised software to secretly install additional malware onto targeted systems. Kaspersky linked the attack to a Chinese-speaking hacking group after analyzing the malware’s behavior and technical characteristics. The company described the campaign as both “widespread” and highly targeted.

Thousands of Windows Computers Potentially Affected

Kaspersky reported that the malicious activity targeted computers running Daemon Tools, a long-running software commonly used for virtual disc imaging on Windows systems.

Researchers said the malware was used to infect systems across several sectors, including:

• Government organizations
• Scientific institutions
• Retail companies
• Manufacturing businesses

The affected organizations were reportedly located in:

• Russia
• Belarus
• Thailand

Supply Chain Attack Raises Major Security Concerns

Cybersecurity experts identified the incident as a “supply chain attack,” a growing tactic where hackers compromise trusted software providers to spread malware through official software updates. This method allows attackers to infect a large number of users at once without directly targeting each victim individually. Kaspersky warned that the malicious backdoor was first detected on April 8 and claimed the campaign remains active.

Daemon Tools Developer Responds

Disc Soft, the company behind Daemon Tools, confirmed it is investigating the allegations. A company representative said the issue is being treated with the “highest priority” and that security teams are actively assessing potential risks. However, the company has not yet confirmed the full extent of the compromise.

Malware Found in Windows Installer

According to reports, cybersecurity researchers analyzed the Windows installer available from the official Daemon Tools website and discovered signs of the suspected backdoor.

It remains unclear whether:

• The macOS version of Daemon Tools was affected
• Other Disc Soft applications were compromised
• Additional malware variants were distributed

Rise in Software Supply Chain Attacks

The Daemon Tools incident is the latest example of hackers targeting trusted software developers.

Earlier this year, attackers allegedly compromised:

• Notepad++
• HWMonitor
• CPU-Z

Cybercriminals increasingly use software supply chain attacks because they provide access to large networks of users through legitimate applications.

How Users Can Protect Their Systems

Cybersecurity professionals recommend that Windows users:

• Update antivirus software immediately
• Scan systems for suspicious activity
• Avoid downloading software from unofficial sources
• Enable firewall and endpoint protection
• Monitor for unusual system behavior or unauthorized access

Users running Daemon Tools are encouraged to watch for official security updates from Disc Soft.