Kaspersky warns popular Daemon Tools app backdoored by hackers to target specific victims
Date:
Wed, 06 May 2026 12:05:00 +0000
Description:
A two-stage process targets government, science, and retail in Russia, Belarus, and Thailand.
FULL STORY ======================================================================
Attackers poisoned DAEMON Tools downloads with malware, infecting thousands worldwide.
The campaign deployed an infostealer first, followed by a selective backdoor on targeted machines.
Researchers suspect Chinese actors, noting the attack's precision against government and industry systems.

DAEMON Tools, a popular program used to create and use virtual drives on a computer, was poisoned to deliver a dangerous backdoor to thousands of users, experts have warned.
Security researchers at Kaspersky published a new report outlining how someone broke into the website hosting DAEMON Tools around April 8, 2026. They added multiple new versions of the software, 12.5.0.2421 through 12.5.0.2434, for the DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe binaries. When installed, these versions deployed multiple malware variants. First, the victim gets infected with a basic infostealer that grabs system data (hostname, MAC address, running processes, installed software, and system locale) and relays it to the attackers. Then, based on the information returned, the malware moves to stage two, deploying a lightweight backdoor capable of executing commands, downloading files, and running code directly in memory.

Highly targeted attack

DAEMON Tools was extremely popular in the early 2000s, but even today it is considered to be widely used.
Kaspersky noted that among its own customers alone, it has seen several thousand infection attempts from early April, with victims located all around the world, in more than 100 countries and territories, the majority of them in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China.
Kaspersky also noted that this seems to be a highly targeted attack. The threat actors cannot choose who gets infected with the infostealer, since it is hosted on the DAEMON Tools website. Stage two, however, was only seen on a dozen machines belonging to government, scientific, manufacturing, and retail organizations in Russia, Belarus, and Thailand.
This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent, whether it is cyberespionage or big game hunting, is currently unclear.
Kaspersky could not determine the identity of the attackers but believes they are Chinese.
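
For defenders triaging a fleet, the binary names and version range reported in the article can be checked against a software inventory export. The Python below is an added example, not code from Kaspersky's report or from the article; the CSV column names and sample rows are constructed, and it assumes the reported version numbers appear in each binary's file-version field.

```python
"""Triage a file-version inventory for the DAEMON Tools builds named in the article."""
import csv
import io
from pathlib import PureWindowsPath

# From the article: affected binaries and the inclusive version range.
AFFECTED_BINARIES = {"dthelper.exe", "discsoftbusservicelite.exe", "dtshellhlp.exe"}
FIRST_BAD = (12, 5, 0, 2421)
LAST_BAD = (12, 5, 0, 2434)


def parse_version(text):
    """Parse 'a.b.c.d' (or 'a, b, c, d') into a 4-tuple of ints, else None."""
    parts = [p.strip() for p in text.replace(",", ".").split(".")]
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None  # malformed: the caller flags it for manual review
    return tuple(int(p) for p in parts)


def classify(path, version_text):
    """Return 'affected', 'review' or 'ok' for one inventory record."""
    name = PureWindowsPath(path).name.lower()
    if name not in AFFECTED_BINARIES:
        return "ok"
    version = parse_version(version_text)
    if version is None:
        return "review"  # named binary, but the version could not be read
    return "affected" if FIRST_BAD <= version <= LAST_BAD else "ok"


def triage(inventory_csv):
    """Return (host, path, version, verdict) for every record that is not 'ok'."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    checked = [(r["host"], r["path"], r["file_version"],
                classify(r["path"], r["file_version"])) for r in rows]
    return [c for c in checked if c[3] != "ok"]


# Constructed sample inventory (hosts, paths and versions are made up).
SAMPLE = """host,path,file_version
ws-014,C:\\Program Files\\DAEMON Tools Lite\\DTHelper.exe,12.5.0.2427
ws-022,C:\\Program Files\\DAEMON Tools Lite\\DTShellHlp.exe,12.4.0.2300
ws-031,C:\\Program Files\\DAEMON Tools Lite\\DiscSoftBusServiceLite.exe,"12, 5, 0, 2434"
ws-040,C:\\Program Files\\DAEMON Tools Lite\\DTHelper.exe,unknown
ws-051,C:\\Tools\\other.exe,12.5.0.2425
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(*hit, sep="\t")
```

A version match is a lead for investigation rather than a verdict, since the article gives no file hashes to confirm against.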
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/kasperky-warns-popular-daemon-tools-app-backdoored-by-hackers-to-target-specific-victims
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)