{"id":329987,"date":"2026-05-06T06:22:56","date_gmt":"2026-05-06T00:52:56","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=329987"},"modified":"2026-05-06T06:22:57","modified_gmt":"2026-05-06T00:52:57","slug":"widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/06\/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack\/","title":{"rendered":"Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack"},"content":{"rendered":"<div>\n<p>One of the follow-on payloads pushed to a couple of dozen organizations was what Kaspersky described as a \u201cminimalistic backdoor.\u201d It has the ability to execute commands, download files, and run shellcode payloads in memory\u2014making the infection harder to detect.<\/p>\n<p>Kaspersky said that it observed a more complex backdoor dubbed QUIC RAT, installed on a single machine belonging to an academic institution situated in Russia. Initial evaluation found that it may well inject payloads into the notepad.exe and conhost.exe processes and supports a wide range of C2 communication protocols, including HTTP, UDP, TCP, WSS, QUIC, DNS, and HTTP\/3.<\/p>\n<p>The 100 infected organizations were primarily situated in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China. Kaspersky\u2019s visibility into the attack is limited because it\u2019s based solely on telemetry provided by its own products.<\/p>\n<p>Kaspersky researchers wrote:<\/p>\n<blockquote>\n<p>The evaluation shows that 10% of the affected systems belong to businesses and organizations. Attackers attempted to contaminate many of the affected machines only with the knowledge collector payload. 
Nevertheless, the opposite backdoor payload, which is more complex, has been observed only on a dozen machines of presidency, scientific, manufacturing and retail organizations situated in Russia, Belarus and Thailand. This fashion of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. Nevertheless, their intent \u2013 whether it&#8217;s cyberespionage or \u2018big game hunting\u2019 \u2013 is currently unclear.<\/p>\n<\/blockquote>\n<p>More recent supply-chain attacks have hit Trivy, Checkmarx, and Bitwarden, and more than 150 packages available through open source repositories. Last year, there were at least six notable such attacks.<\/p>\n<p>Anyone who uses Daemon Tools should take time to scan the entirety of their machines using reputable antivirus software. Windows users should also check for indicators of compromise listed in the Kaspersky post. For more technically advanced users, Kaspersky recommends monitoring \u201csuspicious code injections into legitimate system processes, especially when the source is executables launched from publicly accessible directories reminiscent of Temp, AppData, or Public.\u201d<\/p>\n<\/p><\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the follow-on payloads pushed to a couple of dozen organizations was what Kaspersky described as a \u201cminimalistic backdoor.\u201d It has the ability to execute commands, download files, and run shellcode payloads in memory\u2014making the infection harder to detect. 
Kaspersky said that it observed a more complex backdoor dubbed QUIC RAT, installed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":329988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[3348,6727,51390,34858,790,26856,19716,898,10259],"class_list":["post-329987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-app","tag-attack","tag-backdoored","tag-daemon","tag-disk","tag-monthlong","tag-supplychain","tag-tools","tag-widely"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/329987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=329987"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/329987\/revisions"}],"predecessor-version":[{"id":329990,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/329987\/revisions\/329990"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/329988"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=329987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=329987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=329987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}