TEXXR

Chronicles

The story behind the story


Kaspersky says Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed malicious updates

Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed malicious updates …

Ars Technica Dan Goodin

Discussion

  • @kucher1n Georgy Kucherin on x
    Furthermore, we observed just one of the organizations to receive a unique RAT that is able to inject payloads and can use a wide range of protocols for C2 server communications - including WSS, QUIC, DNS and HTTP/3. Analysis of this implant is currently ongoing. [6/7]
  • @kucher1n Georgy Kucherin on x
    However, we also observed hands-on activities for just about a dozen victim organizations - this indicates that this supply chain attack is a targeted one. These victims received a minimalistic backdoor, designed for downloading files and running shellcode payloads. [5/7] [image]
  • @kucher1n Georgy Kucherin on x
    The malicious DAEMON Tools installers have been distributed since the release of version 12.5.0.2421. At the time of writing, the latest versions of this software remain infected. All installers are signed with legitimate certificates belonging to the software developers. [2/7] […
  • @kucher1n Georgy Kucherin on x
    We observed the attackers using this backdoor for deploying further payloads to infected machines. In most cases, we observed attempted deliveries of an implant that conducts system information collection. Curiously, this implant contains strings in Chinese. [4/7] [image]
  • @kucher1n Georgy Kucherin on x
    The DAEMON Tools executables delivered by malicious installers contain a backdoor which runs at the executable initialization stage. This backdoor is responsible for making GET requests to a C2 server to retrieve shell commands and further execute them. [3/7] [image]
  • @kucher1n Georgy Kucherin on x
    Together with @bzvr_, @2igosha and Anton Kargin, we identified that the DAEMON Tools software has been compromised in a complex supply chain attack since April 8. We see thousands of infections across 100+ countries. If you use DAEMON Tools, run a malware scan immediately! [1/7] …
  • @kucher1n Georgy Kucherin on x
    Given that this supply chain attack is highly complex, we urge everyone who uses DAEMON Tools to isolate their machines and initiate a security sweep to ensure protection against malware. You can refer to the IoCs that we published in our blogpost, https://securelist.com/.... [7/…
  • r/programming r on reddit
    Popular DAEMON Tools software infected - supply chain attack ongoing since April 8, 2026