Daemon Tools app backdoored in monthlong supply-chain attack
Original: Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why This Matters
Supply-chain attacks on legitimate software pose a growing cybersecurity threat.
Popular disk image mounting app Daemon Tools was compromised in a supply-chain attack from April 8 through early May. Attackers distributed malware-infected versions through official channels, affecting thousands of machines in 100+ countries.
Security firm Kaspersky reported that Daemon Tools, a widely used disk image mounting application, was backdoored in a sophisticated supply-chain attack lasting approximately one month. The compromise began April 8 and was still active when reported. Infected Windows versions 12.5.0.2421 through 12.5.0.2434 were distributed through official channels with valid digital certificates. The malware collects system information, including MAC addresses, hostnames, and installed software, and sends it to attacker-controlled servers. While thousands of machines across 100+ countries were infected, only about 12 machines at retail, scientific, government, and manufacturing organizations received secondary payloads, suggesting targeted operations. Kaspersky noted that the attack's sophistication was comparable to that of previous major supply-chain compromises, including CCleaner (2017), SolarWinds (2020), and 3CX (2023).