
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

Why This Matters

This incident highlights the growing threat of supply chain attacks in the tech industry, where malicious actors target widely used software to compromise numerous systems simultaneously. For consumers and organizations, it underscores the importance of vigilance, timely updates, and robust cybersecurity practices to mitigate such sophisticated threats.

Key Takeaways

Security researchers at Kaspersky say they have identified a malicious backdoor planted in the popular and long-running Windows disc imaging software, Daemon Tools.

The Russian cybersecurity company said on Tuesday that data collected from computers around the world running the Kaspersky antivirus software shows a “widespread” attack is under way, targeting thousands of Windows computers running Daemon Tools.

The hackers, whom Kaspersky has linked to a Chinese-speaking group based on an analysis of the malware, used the backdoor in Daemon Tools to plant additional malware on a dozen computers across the retail, scientific and manufacturing sectors, as well as government systems. Kaspersky said the hacking of these specific computers implied a “targeted” effort.

The company said the targeted organizations are located in Russia, Belarus and Thailand.

Kaspersky said the backdoor was first detected on April 8.

Kaspersky said it had contacted Disc Soft, the company that maintains Daemon Tools, but did not say if the developer responded or took action. Kaspersky said the supply chain attack is “still active,” suggesting that the hackers can still plant malware on thousands of computers running the disc imaging software.

This is the latest in a string of so-called “supply chain” attacks that have targeted developers of popular software in recent months. Hackers are increasingly taking aim at the accounts of developers who work on widely used code and software, and abusing that access to push malicious code to anyone who relies on the software. This approach lets the hackers break into a large number of computers at once when their malicious code is delivered as a software update.

Earlier this year, hackers associated with the Chinese government hijacked the popular text editing software Notepad++ to deliver malware to a number of organizations with interests in East Asia. Security researchers also warned of another attack last month targeting users who visited the website of CPUID, which makes the popular HWMonitor and CPU-Z tools.

TechCrunch downloaded the Windows installer from Daemon Tools’ website, and the file appeared to contain the backdoor when we checked it with the online malware scanner service VirusTotal.

It’s not known if the macOS version of Daemon Tools was compromised, or if other apps made by Disc Soft are affected.
