Daemon Tools Software Attacked via Supply-Chain Breach

Introduction

Security experts have found a dangerous 'backdoor' in the Windows version of Daemon Tools. This allows hackers to steal system data and install other harmful software without the user's knowledge.

Main Body

The attack was discovered by Kaspersky and began on April 8. The hackers used a clever method by distributing malicious updates that were signed with the developer's official digital certificate. Because the updates looked legitimate, users installed them normally, which allowed the malware to bypass standard security checks. This affected versions 12.5.0.2421 through 12.5.0.2434. Data shows that the attack reached thousands of computers in over 100 countries, including Russia, Brazil, and Germany. Initially, the software collected basic system information, such as hostnames and installed programs. However, the attackers then targeted a small group of about twelve organizations in the government and science sectors in Russia, Belarus, and Thailand. In one case, a Russian school was infected with a complex tool called 'QUIC RAT,' which allows hackers to control the system remotely. This incident is part of a growing trend of supply-chain attacks, similar to the famous SolarWinds breach. Based on the malware analysis, experts believe a Chinese-speaking group is responsible. Although the developer, Disc Soft, is currently investigating the situation, it is not yet clear if the goal was to steal secrets or make money.

Conclusion

The attack on Daemon Tools is still active. Therefore, users should perform full system scans and monitor their computers for any unusual activity.

Learning

⚡ The 'B2 Logic' Jump: Moving from Simple Actions to Complex Consequences

An A2 student says: "The hackers sent updates. Users installed them. The malware entered the computer."

A B2 speaker connects these dots using Advanced Causality.

Look at this specific sentence from the text:

"Because the updates looked legitimate, users installed them normally, which allowed the malware to bypass standard security checks."

🧩 The Magic of "..., which..."

In A2 English, we use 'so' or 'and'. In B2, we use a comma followed by "which" to describe the result of a whole previous idea.

How it works:

  • A2 Style: The update looked real. So, the malware got in. (Two choppy sentences).
  • B2 Style: The update looked real, which let the malware get in. (One fluid thought).

🛠️ Apply this to your world

Stop using 'and then' for everything. Try this structure: [Action/Situation] + , which + [The Result/Consequence]

  • A2: I studied hard. I passed the exam.

  • B2: I studied hard, which helped me pass the exam.

  • A2: The weather was bad. The flight was cancelled.

  • B2: The weather was bad, which caused the flight to be cancelled.

🔍 Vocabulary Upgrade: 'Legitimate' vs 'Real'

The text uses "legitimate." At A2, you use "real" or "true." At B2, you use "legitimate" when something is not just real, but officially accepted or legal.

  • Example: A real ID card is just an ID. A legitimate ID card is one that the government accepts as valid.

Vocabulary Learning

backdoor (n.)
A hidden method of gaining unauthorized access to a computer system.
Example: Cybercriminals installed a backdoor in the software to steal user data.
malicious (adj.)
Intentionally harmful or dangerous.
Example: The malware was designed to perform malicious actions on infected machines.
certificate (n.)
A digital document used to verify identity.
Example: The software updates were signed with the developer's official digital certificate.
legitimate (adj.)
Genuine or lawful.
Example: The updates appeared legitimate, so users trusted them.
bypass (v.)
To evade or avoid a system or rule.
Example: The malware bypassed standard security checks.
standard (adj.)
Accepted or usual; conforming to a norm.
Example: The system uses standard procedures for updates.
security (n.)
Measures taken to protect against threats.
Example: Enhanced security can prevent attacks.
checks (n.)
Verifications or inspections performed to ensure correctness.
Example: Security checks identified the malware.
affected (adj.)
Influenced or impacted by something.
Example: The affected versions were from 12.5.0.2421 to 12.5.0.2434.
versions (n.)
Different releases or iterations of software.
Example: The updates targeted specific versions of the software.
thousands (n.)
A large number, typically between 1,000 and 9,999.
Example: The attack reached thousands of computers.
countries (n.)
Independent nations or states.
Example: The malware spread across 100 countries.
information (n.)
Facts or data that provide knowledge.
Example: The software collected basic system information.
hostnames (n.)
Names assigned to computers on a network.
Example: The malware recorded hostnames of infected machines.
programs (n.)
Software applications that perform specific tasks.
Example: Users installed various programs on their PCs.
targeted (adj.)
Focused on or directed at a specific group or object.
Example: The attackers targeted a small group of organizations.
organizations (n.)
Groups of people working together for a common purpose.
Example: The attack affected several organizations.
government (n.)
The system or group that governs a state or nation.
Example: The government agencies were among the targets.
science (n.)
The systematic study of the structure and behavior of the physical and natural world.
Example: The science sector faced increased cyber threats.
sector (n.)
A distinct part or division within an industry or economy.
Example: The technology sector is vulnerable to supply-chain attacks.