Securelist
Supply Chain Attack Compromises DAEMON Tools with Malicious Backdoor
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A supply chain attack has compromised the DAEMON Tools software installers, which began on April 8, 2026. Kaspersky identified that these trojanized installers, signed with legitimate digital certificates, have affected thousands of users globally, with specific targeting of organizations in the retail, scientific, government, and manufacturing sectors. The malware allows attackers to deploy additional payloads on compromised systems, with telemetry indicating infections in over 100 countries. The threat actors are suspected to be Chinese-speaking, and Kaspersky has contacted the software's developer, AVB Disc Soft, who is currently investigating the incident. The attack remains active, with ongoing risks for users who downloaded affected versions (12.5.0.2421 to 12.5.0.2434). Kaspersky's findings have been corroborated by other cybersecurity reports, emphasizing the sophistication and targeted nature of the attack.
Key Points: • DAEMON Tools installers have been compromised since April 8, 2026. • The attack has affected thousands of users across more than 100 countries. • Kaspersky suspects the attackers are a Chinese-speaking group targeting specific sectors.