Source: Ars Technica
A backdoored version of Daemon Tools—installed on millions of machines for mounting disk images—circulated for a month before detection, showing that legitimate software distribution channels remain the easiest path for attackers seeking scale and persistence. The compromise didn't require breaking into Daemon Tools' infrastructure; it exploited the trust users place in incremental updates, meaning defenders can't assume routine security patches are safe. Daemon Tools occupies a privileged position on developer and power-user machines where it has low-level disk access, making it a valuable entry point for ransomware, espionage, or lateral movement into networks.