Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

2026-05-05 · Source: TechCrunch · Field: Technology & Digital — Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Intermediate, quick

Summary

Security researchers at Kaspersky have identified a widespread malicious backdoor in Daemon Tools, a popular Windows disc imaging software. The attack, first detected on April 8, targets thousands of Windows computers and is linked to a Chinese-language speaking group. This backdoor was used to plant additional malware on a dozen computers across retail, scientific, manufacturing, and government sectors in Russia, Belarus, and Thailand, indicating a targeted effort. Kaspersky has contacted Disc Soft, the software's maintainer, and confirmed the supply chain attack remains active. TechCrunch independently verified the presence of the backdoor in the Windows installer via VirusTotal, while Disc Soft stated they are investigating the situation with high priority.

Key takeaway

For VP of Engineering or Data responsible for software supply chain security, you should immediately audit all systems running Daemon Tools for compromise. Prioritize isolating and patching affected systems, and implement enhanced verification processes for all third-party software updates to mitigate similar supply chain risks. Consider alternative, verified disc imaging solutions if the vendor's remediation is not swift and transparent.

Key insights

A widespread supply chain attack compromised Daemon Tools, enabling targeted malware delivery to thousands of Windows systems.

Principles

• Supply chain attacks target widely used software.
• Compromised developer accounts facilitate malware distribution.

Method

Hackers compromise software developers' accounts to inject malicious code into legitimate software updates, distributing malware to a broad user base upon installation.

In practice

• Scan downloaded software installers with VirusTotal.
• Monitor for unusual network activity post-software update.

Topics

• Daemon Tools Backdoor
• Supply Chain Attacks
• Chinese Hacking Group
• Windows Security
• Malware Distribution

Best for: VP of Engineering/Data, Security Engineer, IT Professional, CTO

Related on AIssential

• Your Laptop Is the New Perimeter: The Real Lesson of the 2026 Supply-Chain Attacks — Supply-chain attacks now target developer environments and build systems, shifting the security perimeter from traditional datacenters.
• OpenAI Among the Companies Affected by TanStack Breach — Software supply chain attacks exploiting GitHub Actions can compromise open-source libraries and spread credential-stealing malware.
• For the 2nd time in weeks, Microsoft packages laced with credential stealer — Supply chain attacks exploit trust models, not vulnerabilities, using compromised credentials to publish cryptographically verified malicious packages.
• Delve did the security compliance on LiteLLM, an AI project hit by malware — Open-source projects face significant supply chain risks, even with security certifications.
• Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain — Unmonitored OAuth grants to third-party AI tools create critical, undetectable supply chain attack vectors.
• GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK — Chained supply chain and AI agent vulnerabilities are actively exploited, bypassing traditional security measures.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.