Daemon Tools Lite trojanized installer campaign
Campaign
Summary
Hide ▲
Show ▼
A trojanized Daemon Tools Lite installer campaign is driving several thousand infection attempts across more than 100 countries, turning a trusted download into a malware delivery channel. The operation began on April 8 and used compromised installers distributed through the software's normal download path. Only a small subset of victims received later-stage payloads, including Quic RAT, suggesting a narrower follow-on intrusion phase.
Related Happenings
DAEMON Tools Lite trojanized installer wave
Exploitation Wave
First: 06.05.2026 19:43
Last: 06.05.2026 19:43
Sources 1
How related:
Earlier this week, Kaspersky warned that Daemon Tools software installers distributed from the main website had been Trojanized since April 8.
About this happening:
Trojanized **DAEMON Tools Lite** installers backdoored **thousands of systems** in **more than 100 countries**, turning a trusted download path into a broad infection wave. The co...
DAEMON Tools Lite trojanized installer wave
Exploitation WaveHow related: Earlier this week, Kaspersky warned that Daemon Tools software installers distributed from the main website had been Trojanized since April 8.
About this happening: Trojanized **DAEMON Tools Lite** installers backdoored **thousands of systems** in **more than 100 countries**, turning a trusted download path into a broad infection wave. The co...
DAEMON Tools trojanized-installer stealer and backdoor activity
Malware Activity
First: 05.05.2026 22:21
Last: 05.05.2026 22:21
Sources 1
About this happening:
A **DAEMON Tools** supply-chain compromise is delivering **trojanized installers** that install a **backdoor** and steal system data from downloaded systems. The activity has run...
DAEMON Tools trojanized-installer stealer and backdoor activity
Malware ActivityAbout this happening: A **DAEMON Tools** supply-chain compromise is delivering **trojanized installers** that install a **backdoor** and steal system data from downloaded systems. The activity has run...
QUIC RAT delivered through compromised DAEMON Tools installers
Malware Activity
First: 05.05.2026 19:07
Last: 05.05.2026 19:07
Sources 1
How related:
However, it observed one victim organization, an education institution in Russia, which had been infected with the Quic RAT malware, which is capable of injecting payloads into notepad.exe and conhost.exe processes.
About this happening:
A follow-on **QUIC RAT** payload was delivered through compromised **DAEMON Tools installers**, extending the supply-chain intrusion into **remote access** on a small subset of in...
QUIC RAT delivered through compromised DAEMON Tools installers
Malware ActivityHow related: However, it observed one victim organization, an education institution in Russia, which had been infected with the Quic RAT malware, which is capable of injecting payloads into notepad.exe and conhost.exe processes.
About this happening: A follow-on **QUIC RAT** payload was delivered through compromised **DAEMON Tools installers**, extending the supply-chain intrusion into **remote access** on a small subset of in...
Latest development: 07.05.2026 12:30
Disc Soft released malware-free Daemon Tools Lite Version 12.6 on May 5 after being notified of the supply chain attack on its build environment, and the affected 12.5.1 build was removed from distribution so users could move to the cleaned release.
AVB Disc Soft hit by network compromise
Incident
First: 05.05.2026 19:07
Last: 05.05.2026 19:07
Sources 1
How related:
“Following an internal investigation, we identified unauthorized interference within our infrastructure,” it confirmed in a post on May 7.
About this happening:
**DAEMON Tools** suffered a **supply-chain compromise** when **official installers** were **trojanized**, enabling malicious payload delivery and raising the risk of downstream in...
AVB Disc Soft hit by network compromise
IncidentHow related: “Following an internal investigation, we identified unauthorized interference within our infrastructure,” it confirmed in a post on May 7.
About this happening: **DAEMON Tools** suffered a **supply-chain compromise** when **official installers** were **trojanized**, enabling malicious payload delivery and raising the risk of downstream in...
Latest development: 07.05.2026 12:30
Disc Soft released the malware-free Version 12.6 of Daemon Tools Lite on May 5 after being notified of the supply chain attack, removed the affected 12.5.1 package from support, and said the incident was contained after isolating affected systems, removing compromised files from distribution, auditing the build and release pipeline, rebuilding and validating installation packages, and strengthening internal security controls and monitoring.
Dragon Boss Solutions LLC adware malicious update
Malware Activity
First: 16.04.2026 22:07
Last: 16.04.2026 22:07
Sources 1
About this happening:
A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...
Dragon Boss Solutions LLC adware malicious update
Malware ActivityAbout this happening: A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...
Timeline
-
07.05.2026 12:30 2 articles · 20d ago
Daemon Tools installers are Trojanized
Campaign Scope UpdateDaemon Tools software installers distributed from the main website were Trojanized starting on April 8, 2026, and Kaspersky later observed several thousand infection attempts across more than 100 countries, with a small subset of victims receiving further-stage payloads including Quic RAT.
Show sources
- Daemon Tools Developer Confirms Software Was Trojanized — www.infosecurity-magazine.com — 07.05.2026 12:30
- Daemon Tools Developer Confirms Software Was Trojanized — www.infosecurity-magazine.com — 07.05.2026 12:30
-
07.05.2026 12:30 1 articles · 20d ago
Disc Soft releases clean Daemon Tools Lite 12.6
Mitigation Patch UpdateDisc Soft released Daemon Tools Lite Version 12.6 on May 5, 2026, removed the affected 12.5.1 build from support, and said the latest 12.6.0.2445 package no longer showed the malicious behavior tied to the supply chain compromise.
Show sources
- Daemon Tools Developer Confirms Software Was Trojanized — www.infosecurity-magazine.com — 07.05.2026 12:30
-
07.05.2026 12:30 1 articles · 20d ago
Disc Soft confirms build compromise and containment
Initial DisclosureOn May 7, 2026, Disc Soft said internal investigation found unauthorized interference within its infrastructure, that certain installation packages had been released in a compromised state, and that affected systems were isolated while compromised files were removed from distribution and the build pipeline was audited.
Show sources
- Daemon Tools Developer Confirms Software Was Trojanized — www.infosecurity-magazine.com — 07.05.2026 12:30