Supply Chain Attack Compromises DAEMON Tools with Malicious Backdoor

Supply Chain Attack Compromises DAEMON Tools with Malicious Backdoor

First seen 5 May 2026, 15:06 UTC SecurelistCybersecuritynewsGbhackersHeise.Dewww.kaspersky.ru+17 88% similarity 75.0

Article Content

Browse articles
ThreatCluster

A supply chain attack has compromised the DAEMON Tools software installers, which began on April 8, 2026. Kaspersky identified that these trojanized installers, signed with legitimate digital certificates, have affected thousands of users globally, with specific targeting of organizations in the retail, scientific, government, and manufacturing sectors. The malware allows attackers to deploy additional payloads on compromised systems, with telemetry indicating infections in over 100 countries. The threat actors are suspected to be Chinese-speaking, and Kaspersky has contacted the software's developer, AVB Disc Soft, who is currently investigating the incident. The attack remains active, with ongoing risks for users who downloaded affected versions (12.5.0.2421 to 12.5.0.2434). Kaspersky's findings have been corroborated by other cybersecurity reports, emphasizing the sophistication and targeted nature of the attack.

Key Points: • DAEMON Tools installers have been compromised since April 8, 2026. • The attack has affected thousands of users across more than 100 countries. • Kaspersky suspects the attackers are a Chinese-speaking group targeting specific sectors.

ThreatCluster AI

Timeline

2026-04-08
Supply chain attack on DAEMON Tools installers begins.
2026-05-05
Kaspersky reports on the ongoing supply chain attack.
2026-05-05
AVB Disc Soft acknowledges the situation and begins investigation.

Community

Browse all →