One of the follow-on payloads, delivered to about a dozen organizations, was what Kaspersky described as a “minimalist backdoor.” It can execute commands, download files, and run shellcode payloads directly in memory, leaving fewer artifacts on disk and making the infection harder to detect.
Kaspersky said it also observed a more complex backdoor, called QUIC RAT, installed on a single machine belonging to an educational institution in Russia. Initial analysis found that it can inject payloads into the notepad.exe and conhost.exe processes and supports a variety of command-and-control (C2) protocols, including HTTP, UDP, TCP, WSS, QUIC, DNS, and HTTP/3.
The 100 infected organizations were located mainly in Russia, Brazil, Türkiye, Spain, Germany, France, Italy and China. Kaspersky’s visibility into the campaign is limited because it relies solely on telemetry from its own products, so the true scope may be larger.
Kaspersky researchers wrote:
The analysis shows that 10% of affected systems belong to companies and organizations. The attackers attempted to infect most of the affected machines with just the information collector payload. However, the other, more complex backdoor payload has been observed on only a dozen machines from government, scientific, manufacturing and retail organizations located in Russia, Belarus and Thailand. This way of implementing the backdoor on a small subset of infected machines clearly indicates that the attacker intended to carry out the infection in a specific way. However, its intent – whether cyber espionage or “big game hunting” – is currently unclear.
Other recent supply chain attacks have affected Trivy, Checkmarx, Bitwarden, and more than 150 packages distributed through open source repositories. Last year saw at least six notable attacks of this kind.
Anyone using Daemon Tools should scan their machine in full with reputable antivirus software. Windows users should also check for the indicators of compromise listed in Kaspersky’s post. For more technically advanced users, Kaspersky recommends monitoring “suspicious code injections into legitimate system processes, especially when the source is executables launched from publicly accessible directories such as Temp, AppData or Public.”
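As an added illustration of that monitoring advice (this is example code written for this page, not Kaspersky’s tooling or anything from the article), the following Python script applies the rule to process-injection telemetry of the kind Sysmon produces: Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess). It flags events whose source executable ran from Temp, AppData or Public and whose target is a system process such as notepad.exe or conhost.exe. The field names, the watchlist of target processes, the treatment of anything under the Windows directory as a system process, and the sample events are all assumptions made for the demo; the events are constructed, not real telemetry.

```python
"""Flag process-injection events whose source executable was launched from a
public, user-writable directory (Temp, AppData, Public) and whose target is a
legitimate Windows system process.

Added illustrative example, not code from Kaspersky or the article. The record
layout mimics Sysmon Event ID 8 (CreateRemoteThread) and Event ID 10
(ProcessAccess) fields; the field names, the process watchlist and the sample
events are assumptions made for this demo.
"""
import re
from typing import Optional

# Path prefixes for the directories named in the advice. Matching is
# case-insensitive and accepts either slash style, since log forwarders differ.
PUBLIC_DIR_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"^[a-z]:[\\/]users[\\/][^\\/]+[\\/]appdata[\\/]",  # %APPDATA%, %LOCALAPPDATA%, %TEMP%
        r"^[a-z]:[\\/]windows[\\/]temp[\\/]",                # %SystemRoot%\Temp
        r"^[a-z]:[\\/]users[\\/]public[\\/]",                # %PUBLIC%
        r"^[a-z]:[\\/]temp[\\/]",
    )
]

# Injection targets worth watching (assumed list; the article names notepad.exe
# and conhost.exe as QUIC RAT's targets).
SYSTEM_PROCESS_NAMES = {
    "notepad.exe", "conhost.exe", "explorer.exe", "svchost.exe",
    "rundll32.exe", "dllhost.exe", "werfault.exe",
}

# Process access rights (Windows SDK values) an injector needs on its target.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_WRITE


def normalize_path(path: str) -> str:
    """Lower-case the path and strip the Win32 long-path prefix so prefix
    matching is stable. Caveat: 8.3 short names (PROGRA~1) are not expanded."""
    path = path.strip()
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.lower()


def is_public_dir(path: str) -> bool:
    """True if the executable lives under Temp, AppData or Public."""
    norm = normalize_path(path)
    return any(p.match(norm) for p in PUBLIC_DIR_PATTERNS)


def is_system_process(path: str) -> bool:
    """True for a watchlisted binary or anything under the Windows directory."""
    norm = normalize_path(path)
    name = re.split(r"[\\/]", norm)[-1]
    return name in SYSTEM_PROCESS_NAMES or re.match(r"^[a-z]:[\\/]windows[\\/]", norm) is not None


def classify(event: dict) -> Optional[str]:
    """Return a reason if the event looks like injection from a public
    directory into a system process, otherwise None."""
    src, dst = event.get("SourceImage", ""), event.get("TargetImage", "")
    if not (is_public_dir(src) and is_system_process(dst)):
        return None
    if event.get("EventID") == 8:   # CreateRemoteThread is itself the signal
        return "CreateRemoteThread from public directory into system process"
    if event.get("EventID") == 10:  # ProcessAccess: only handles usable for injection
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        if granted & INJECTION_RIGHTS:
            return f"ProcessAccess with injection rights (GrantedAccess={hex(granted)})"
    return None


def find_suspicious_injections(events):
    """Run classify() over an event stream; returns (event, reason) pairs."""
    return [(e, r) for e in events if (r := classify(e)) is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 8, "SourceImage": r"C:\Program Files\Vendor\agent.exe",
     "TargetImage": r"C:\Windows\System32\conhost.exe"},  # trusted install path: ignored
    {"EventID": 10, "SourceImage": r"C:\Users\Public\setup.exe",
     "TargetImage": r"C:\Windows\System32\conhost.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1000"},  # query-only handle
    {"EventID": 8, "SourceImage": r"C:\Windows\Temp\svc.exe",
     "TargetImage": r"C:\Users\bob\Downloads\game.exe"},  # target is not a system process
]

if __name__ == "__main__":
    for event, reason in find_suspicious_injections(SAMPLE_EVENTS):
        print(f"[ALERT] {event['SourceImage']} -> {event['TargetImage']}: {reason}")
```

Run against the constructed sample, only the Temp-to-notepad.exe CreateRemoteThread and the Public-to-conhost.exe handle with write and thread rights are reported; the query-only handle and the injection from a trusted install path are not. In production the source-path rule should be paired with an allow-list of known installers that legitimately run from Temp, or it will generate noise during software updates.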
