Popular Daemon Tools utility exploited in supply chain attack
Briefly

"The malicious injection affects Daemon Tools versions 12.5.0.2421 through 12.5.0.2434, tampering with core binaries that activate a backdoor at every machine startup."
"Kaspersky telemetry recorded thousands of infection attempts across more than 100 countries, with ten percent of affected systems belonging to businesses."
"The most sophisticated implant, dubbed QUIC RAT, supports communication over HTTP, UDP, TCP, QUIC, DNS, and HTTP/3, indicating advanced capabilities of the malware."
"A typosquatting domain registered just a week before the attack serves as the command-and-control server, showcasing the attackers' planning and execution."
Daemon Tools' official website has been compromised and has been distributing trojanized installers since April 8th. These installers deploy a backdoor with remote control capabilities, and the compromise remained undetected for nearly a month. Kaspersky's Global Research and Analysis Team identified the attack, which affects specific versions of Daemon Tools. The malware exploits the elevated privileges of disk emulation software, which allow deep system access. Thousands of infection attempts have been recorded globally, with a significant portion targeting businesses. Attackers have also deployed sophisticated remote access tools on select machines in specific countries.
Read at Techzine Global