arstechnica.com about 4 hours ago URGENCY: 7/10

Daemon Tools Backdoored in Major Supply Chain Attack

A monthlong supply chain attack has compromised Daemon Tools, a popular disk mounting application. This incident highlights the vulnerabilities of software updates, leaving thousands of users at risk.


Understanding the Daemon Tools Compromise

Daemon Tools, a widely used application for mounting disk images, has been backdoored through a sophisticated supply chain attack that began on April 8. Researchers from Kaspersky reported that malicious updates were pushed from the developer's servers, infecting versions 12.5.0.2421 through 12.5.0.2434, primarily affecting Windows users.

The infected software collects sensitive information such as MAC addresses, hostnames, and installed software, sending this data to an attacker-controlled server. Thousands of machines across over 100 countries were targeted, with specific follow-on payloads delivered to select organizations in retail, government, and manufacturing sectors. This incident underscores the challenges of defending against supply chain attacks, as users unknowingly install compromised updates from trusted sources.

Key points of the attack include:

  • Attackers used a highly sophisticated method to compromise Daemon Tools.
  • Detection of the attack took about a month, similar to previous incidents like the 3CX attack.
  • Organizations are urged to scrutinize machines with Daemon Tools for unusual activities post-April 8.
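To find the machines worth scrutinizing, a software-inventory export can be triaged against the affected build range reported above (12.5.0.2421 through 12.5.0.2434). The following is an added example, not code from the article or from Kaspersky; the CSV column names, hostnames, and sample rows are constructed, and it assumes the inventory records the product name and a dotted numeric version.

```python
import csv
import io

# Affected build range as reported on this page (inclusive on both ends).
AFFECTED_MIN = (12, 5, 0, 2421)
AFFECTED_MAX = (12, 5, 0, 2434)


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts][:4]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions with zeros


def triage(inventory_csv):
    """Classify every Daemon Tools row in an inventory export.

    Assumed (hypothetical) columns: host, product, version.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Match "Daemon Tools", "DAEMON Tools", "daemontools", and so on.
        if "daemontools" not in row["product"].lower().replace(" ", ""):
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "UNKNOWN_VERSION"  # cannot be ruled out; check by hand
        elif AFFECTED_MIN <= version <= AFFECTED_MAX:
            status = "AFFECTED"
        else:
            status = "OUTSIDE_RANGE"
        findings.append((row["host"], row["version"], status))
    return findings


# Constructed sample inventory; none of these hosts or rows are real data.
SAMPLE = """host,product,version
ws-001,Daemon Tools,12.5.0.2421
ws-002,DAEMON Tools,12.5.0.2434
ws-003,Daemon Tools,12.5.0.2420
ws-004,Daemon Tools,12.5.0.2435
ws-005,Other Product,12.5.0.2430
ws-006,Daemon Tools,unknown
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host}\t{version}\t{status}")
```

Rows marked `UNKNOWN_VERSION` are reported rather than dropped, because an unparseable version cannot be ruled out of the affected range.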