
"Kaspersky warned that thousands of computers might have been infected with malware after downloading trojanized versions of Daemon Tools from the official website. According to Kaspersky, Chinese-speaking threat actors injected Daemon Tools iterations released between April 8 and May 5 with code designed to download and execute an information collector. Out of thousands of infected machines, the attackers then selected roughly a dozen to infect with a backdoor, and targeted a Russian educational institution with a second, more complex backdoor as well."
"The initial backdoor, Kaspersky says, was deployed on systems of government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand. On Wednesday, Disc Soft confirmed that hackers compromised certain installation packages, but said that the impact was limited to the free version of Daemon Tools Lite. After learning of the issue, the company isolated and secured the affected systems, removed potentially compromised files from distribution, rebuilt and validated installation packages, and made a clean iteration of Daemon Tools Lite, namely version 12.6.0.2445, available on May 5."
""Our investigation is ongoing as we continue to analyze the root cause and full scope of the incident. At this stage, we are not attributing the incident to any specific third party. We are carefully reviewing all components of our infrastructure to ensure a complete and accurate understanding of what occurred," the company said. Disc Soft says only Daemon Tools Lite version 12.5.1 was compromised, the issue has been contained, and no other products, such as Daemon Tools Ultra and Daemon Tools Pro, have been affected."
Disc Soft confirmed a supply chain intrusion involving trojanized Daemon Tools Lite downloads from the official website. Kaspersky reported that Chinese-speaking threat actors injected malicious code into Daemon Tools iterations released between April 8 and May 5. The injected code downloaded and executed an information collector. From thousands of infected computers, the attackers then selected about a dozen systems for backdoor infection and targeted a Russian educational institution with a second, more complex backdoor. The initial backdoor was deployed on systems of government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand. Disc Soft stated that only Daemon Tools Lite version 12.5.1 was compromised, that the impact was limited to the free version of Daemon Tools Lite, and that other products, such as Daemon Tools Ultra and Daemon Tools Pro, were unaffected. The company isolated and secured the affected systems, removed potentially compromised files from distribution, rebuilt and validated the installation packages, and released a clean version, 12.6.0.2445, on May 5.
#supply-chain-attack #malware-trojanized-installers #backdoor-deployment #daemon-tools-lite #kaspersky-threat-intelligence
Read at SecurityWeek