Kaspersky has warned that a backdoor planted in the Windows software Daemon Tools may have exposed thousands of systems worldwide. The reported attack targeted retail, research, manufacturing and government-linked computers.

Hidden Cyber Trap In Popular Software: Backdoor in Daemon Tools Puts Thousands Of Systems At Risk

The420.in Staff

New Delhi: A serious new threat has emerged in the global cybersecurity landscape. Cybersecurity firm Kaspersky has claimed that a dangerous backdoor has been planted in the widely used Windows disc imaging software Daemon Tools, which is now being used to carry out large-scale cyberattacks. The attack is believed to have impacted thousands of computers worldwide and has been described as widespread.

According to the report, the backdoor quietly infiltrates systems through the software and later enables attackers to deploy additional malware. Initial investigations reveal that hackers have used this technique to target computers across retail, scientific research, manufacturing industries, and even certain government institutions. This suggests the attack is not limited to general users but is strategically aimed at sensitive and high-value sectors.

Active since April, global footprint detected

Cybersecurity analysis indicates that the backdoor was first detected on April 8. The affected organizations are located in countries including Russia, Belarus, and Thailand, pointing to a significant international footprint. Experts believe, based on malware patterns and operational indicators, that the attackers may be linked to a Chinese-speaking group, although there is no official confirmation yet.

One of the most alarming aspects of this incident is that it is a “supply chain attack.” In such attacks, hackers compromise the original source or update mechanism of trusted software, embedding malicious code that spreads to users through legitimate updates. This means users do not need to click on suspicious links—simply installing or updating the software can expose their systems to risk.

Developer investigating, threat still ongoing

The software is maintained by Disc Soft, which has acknowledged the issue and launched an investigation. The company stated that it is aware of the report and is working to assess and mitigate any potential risks. However, it has not yet clarified how many users have been affected or when a fix might be available.

Experts warn that the attack may still be active, raising concerns that attackers could continue to deploy malware on newly affected systems. It also remains unclear whether the macOS version of the software or other products from the developer have been compromised.

Pattern of recent cyberattacks

This is not an isolated case. In recent months, multiple incidents have surfaced where hackers have targeted software developers or update systems to distribute malware at scale. Earlier this year, a widely used text editor was similarly compromised, allowing attackers to infiltrate organizations with interests in strategic regions.

Advisory for users

Cybersecurity experts advise users to exercise caution while downloading or updating any software. It is recommended to use only official sources and keep antivirus programs up to date. Any unusual system behavior—such as sudden slowdowns, unknown applications appearing, or unauthorized data access—should be investigated immediately.

Renowned cybercrime expert and former IPS officer Prof. Triveni Singh says, “Supply chain attacks have become one of the most dangerous cyber weapons today. Instead of targeting users directly, attackers weaponize trusted software. In such cases, awareness and timely updates remain the strongest defense.”
