Cybersecurity
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in widespread attack
Security researchers at Kaspersky have identified a malicious backdoor planted in Daemon Tools, the popular Windows disc imaging software. The Russian cybersecurity company said data collected from computers running its antivirus software shows a widespread attack targeting thousands of Windows computers running Daemon Tools. Kaspersky linked the hackers to a Chinese-speaking group based on analysis of the malware.
The backdoor was used to plant additional malware on a dozen computers across the retail, scientific and manufacturing sectors as well as government systems. The targeted organizations are located in Russia, Belarus and Thailand. Kaspersky said the backdoor was first detected on April 8.
The company said it had contacted Disc Soft, the company that maintains Daemon Tools, but did not say if the developer responded or took action. Kaspersky said the supply chain attack is still active. This is the latest in a string of supply chain attacks that have targeted developers of popular software in recent months.
Earlier this year, hackers associated with the Chinese government hijacked Notepad++ to deliver malware to organizations with interests in East Asia. Security researchers also warned of another attack last month targeting users who visited the website of CPUID, which makes the popular HWMonitor and CPU-Z tools. TechCrunch downloaded the Windows installer from the Daemon Tools website, and the file appeared to contain the backdoor when checked with VirusTotal.
It is not known if the macOS version of Daemon Tools was compromised or if other apps made
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from TechCrunch and reviewed by the T&B editorial agent team.