A new investigation in the field of cybersecurity has sounded global alarms. According to TechCrunch, the company Kaspersky has detected indications that a hacker group linked to China introduced a backdoor into the popular Daemon Tools software, used by millions of users worldwide.
Legitimate Software Turned into an Attack Vector
Daemon Tools is widely known for allowing the creation and mounting of disk images. However, in this case, compromised versions of the program were allegedly used as a vehicle to silently distribute malware.
This type of attack is known as a supply chain attack, where attackers compromise legitimate software to infect users without raising suspicion.
The Role of the Backdoor: Covert and Persistent Access
The detected backdoor would allow attackers to:
- Execute remote code on infected devices
- Access sensitive information
- Install additional malware
- Maintain persistence without being detected
Most concerning is that this access could remain active for long periods, facilitating digital espionage operations.
Attribution: Indications Pointing to China
According to Kaspersky's analysis, the technical patterns and tactics match those of campaigns previously attributed to Advanced Persistent Threat (APT) groups linked to China.
Although attribution in cybersecurity is never absolute, researchers highlight similarities in:
- Command and control (C2) infrastructure
- Obfuscation methods
- Tools used in previous campaigns
The attack would have affected multiple users globally, suggesting a carefully planned and executed operation.
Unlike noisy attacks such as ransomware, this type of intrusion seeks to go unnoticed, focusing on long-term information collection.
Potential targets include:
- Technology companies
- Government organizations
- Researchers and developers
- Users with access to sensitive systems
This incident highlights several critical factors:
- Compromised Trust: Legitimate software ceases to be safe
- Difficult Detection: Malware is hidden within trusted applications
- Mass Distribution: Exploits official download channels
- Advanced Persistence: Access can be maintained for months
In security terms, this type of attack is more sophisticated than traditional infections.
Recommendations for Users and Organizations
Faced with this scenario, experts recommend:
- Downloading software only from verified official sources
- Verifying application digital signatures
- Keeping systems and antivirus updated
- Monitoring suspicious outbound connections
- Implementing Endpoint Detection & Response (EDR) solutions
For businesses, additionally:
- Auditing third-party software
- Applying Zero Trust policies
- Segmenting internal networks
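The recommendations above to verify digital signatures and to download only from verified sources can be turned into a concrete pre-install check. The PowerShell function below is an added example, not code from the article or from Kaspersky or the Daemon Tools project; the installer path, the expected signer subject and the expected SHA-256 are placeholders to be replaced with values the vendor publishes.

```powershell
# Added example (not from the article): checks to run on a downloaded Windows installer
# before executing it. Placeholders: the file path, the expected signer subject and the
# expected SHA-256 must come from the vendor's own published release information.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSignerSubject,   # e.g. 'CN=<VENDOR NAME PLACEHOLDER>'
        [Parameter(Mandatory)] [string] $ExpectedSha256           # hash published by the vendor
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Authenticode: the signature must chain to a trusted root and match the file contents.
    #    'HashMismatch' means the binary was altered after signing; 'NotSigned' means no signature.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status is '$($sig.Status)': $($sig.StatusMessage)")
    }

    # 2. The signer must be the vendor you expect, not merely some certificate that validates.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    if ($subject -ne $ExpectedSignerSubject) {
        $findings.Add("Signer subject '$subject' does not match expected '$ExpectedSignerSubject'")
    }

    # 3. A valid signature proves who signed, not that the build is clean: a supply chain
    #    compromise can ship a signed binary. Compare the hash with the value the vendor
    #    publishes through a separate channel (release notes, signed checksum file).
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        $findings.Add("SHA-256 $actual does not match the published value")
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $subject
        Thumbprint  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate   # timestamped signatures outlive cert expiry
        Sha256      = $actual
        Ok          = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

# Usage with placeholder values; run the installer only when Ok is $true.
# Test-DownloadedInstaller -Path 'C:\Downloads\setup.exe' `
#     -ExpectedSignerSubject 'CN=<VENDOR NAME PLACEHOLDER>' `
#     -ExpectedSha256 '<SHA256 FROM VENDOR PLACEHOLDER>'
```

A mismatch in any of the three checks is a reason to stop and investigate rather than a nuisance to click through; the Findings list says which check failed.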
The Daemon Tools case reinforces a worrying trend: attackers are shifting their focus toward the software supply chain.
This forces a rethinking of traditional security models and requires strengthening controls at every stage of software development and distribution.
Trust, one of the pillars of the digital ecosystem, thus becomes the primary target of modern cyberattacks.