Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

AVB Disc Soft hit by network compromise

Incident
First reported
Last updated
Happening score
H score 45
2 unique sources, 2 articles

Summary

Hide ▲

DAEMON Tools suffered a supply-chain compromise when official installers were trojanized, enabling malicious payload delivery and raising the risk of downstream infection. The tampering began on April 8, 2026 and affected builds from 12.5.0.2421 to 12.5.0.2434. Telemetry showed several thousand infection attempts across more than 100 countries, while only a small subset received the next-stage backdoor. The compromise matters because trusted, signed distribution channels can bypass perimeter defenses and seed targeted follow-on access inside organizations.

Related Happenings

Daemon Tools Lite trojanized installer campaign

Campaign
First: 07.05.2026 12:30 Last: 07.05.2026 12:30 Sources 1

How related: “Starting from early April, we observed several thousands of infection attempts involving Daemon Tools in our telemetry, with individuals and organizations in more than 100 countries being affected,” the cybersecurity firm explained.

About this happening: A **trojanized Daemon Tools Lite installer campaign** is driving **several thousand infection attempts** across **more than 100 countries**, turning a trusted download into a malw...

Open Happening

DAEMON Tools Lite trojanized installer wave

Exploitation Wave
First: 06.05.2026 19:43 Last: 06.05.2026 19:43 Sources 1

How related: As cybersecurity company Kaspersky revealed on Tuesday, hackers trojanized DAEMON Tools Lite installers and used them to backdoor thousands of systems from more than 100 countries that downloaded the software from the official website since April 8.

About this happening: Trojanized **DAEMON Tools Lite** installers backdoored **thousands of systems** in **more than 100 countries**, turning a trusted download path into a broad infection wave. The co...

Open Happening

DAEMON Tools trojanized-installer stealer and backdoor activity

Malware Activity
First: 05.05.2026 22:21 Last: 05.05.2026 22:21 Sources 1

About this happening: A **DAEMON Tools** supply-chain compromise is delivering **trojanized installers** that install a **backdoor** and steal system data from downloaded systems. The activity has run...

Open Happening

QUIC RAT delivered through compromised DAEMON Tools installers

Malware Activity
First: 05.05.2026 19:07 Last: 05.05.2026 19:07 Sources 1

How related: one of the payloads delivered via the backdoor is a remote access trojan dubbed QUIC RAT.

About this happening: A follow-on **QUIC RAT** payload was delivered through compromised **DAEMON Tools installers**, extending the supply-chain intrusion into **remote access** on a small subset of in...

Latest development: 07.05.2026 12:30

Disc Soft released malware-free Daemon Tools Lite Version 12.6 on May 5 after being notified of the supply chain attack on its build environment, and the affected 12.5.1 build was removed from distribution so users could move to the cleaned release.

Open Happening

Dragon Boss Solutions signed adware campaign

Campaign
First: 15.04.2026 20:59 Last: 15.04.2026 20:59 Sources 1

About this happening: The **Dragon Boss Solutions** campaign used **signed adware installers** to push **SYSTEM-privileged** payloads that disabled antivirus and blocked reinstalls, creating a broad fo...

Latest development: 16.04.2026 22:07

Dragon Boss Solutions LLC pushed a malicious Advanced Installer update in the early morning hours of March 22, 2025 that disabled ESET, McAfee, Kaspersky, and Malwarebytes detections, established persistence via scheduled tasks, and added Windows Defender exclusions, while Huntress sinkholed the campaign's primary update domain to limit further abuse.

Open Happening

Timeline

  1. 07.05.2026 12:30 1 articles · 20d ago

    Disc Soft releases fixed Daemon Tools Lite 12.6

    Mitigation Patch Update

    Disc Soft released the malware-free Version 12.6 of Daemon Tools Lite on May 5 after being notified of the supply chain attack, removed the affected 12.5.1 package from support, and said the incident was contained after isolating affected systems, removing compromised files from distribution, auditing the build and release pipeline, rebuilding and validating installation packages, and strengthening internal security controls and monitoring.

    Show sources
    Open in new tab
  2. 05.05.2026 19:07 1 articles · 22d ago

    DAEMON Tools installers are trojanized

    Exploitation Observed

    Official DAEMON Tools installers distributed from the legitimate website were trojanized starting April 8, 2026, and compromised builds 12.5.0.2421 through 12.5.0.2434 included tampered components DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe.

    Show sources
    Open in new tab
  3. 05.05.2026 19:07 1 articles · 22d ago

    Kaspersky discloses the DAEMON Tools compromise

    Initial Disclosure

    Kaspersky says AVB Disc Soft has been notified of the DAEMON Tools breach, and telemetry shows several thousand infection attempts in more than 100 countries while the follow-on backdoor reached only a dozen hosts; affected systems were flagged in retail, scientific, government, and manufacturing organizations in Russia, Belarus, and Thailand, and one delivered payload was QUIC RAT.

    Show sources
    Open in new tab