
"The backdoor was observed sending requests to a typosquatting domain registered on March 27. The server responds with a shell command executed via command prompt to fetch and run a payload."
"Using the information collected by the malware, the attackers identified systems of interest and infected them with a second, minimalistic backdoor."
"Only a dozen systems at government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand were infected with the backdoor, suggesting a targeted attack."
A supply chain attack has compromised Daemon Tools software, injecting malicious code into versions 12.5.0.2421 to 12.5.0.2434. Chinese-speaking attackers targeted government, scientific, manufacturing, and retail organizations. The backdoor activates when specific binaries are launched, after which the malware sends requests to a typosquatting domain. This mechanism deployed an information collector on thousands of machines across more than 100 countries. Ultimately, only a dozen systems in Belarus, Russia, and Thailand were infected with the second-stage backdoor, indicating a targeted approach.
Read at SecurityWeek