DAEMON Tools trojanized in supply-chain attack to deploy backdoor

https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/

Publish Date: 2026-05-05 15:21:18

Source Domain: www.bleepingcomputer.com

To quickly summarize the article: cybersecurity company Kaspersky has identified a widespread supply-chain attack targeting the DAEMON Tools software, which has led to thousands of infections across more than 100 countries since April 8. Despite the large number of initial infections, only a dozen systems received further malicious payloads. The trojanized releases span DAEMON Tools versions 12.5.0.2421 through 12.5.0.2434, in which various binaries were compromised. Kaspersky does not name the attacker but, based on strings in the initial payload, suspects a Chinese-speaking perpetrator. The attack highlights vulnerabilities in software supply chains. Systems in Russia, Belarus, and Thailand received advanced payloads designed to execute commands, download files, and run malicious code; these deliveries were highly targeted at strategic entities.

Key Points:

– The supply-chain attack involved trojanized installers of DAEMON Tools software.
– The attack resulted in widespread infections, although only a smaller subset received targeted payloads.
– Affected sectors include retail, scientific, government, and manufacturing in Russia, Belarus, and Thailand.
– Kaspersky’s investigation found that the compromised software versions range from 12.5.0.2421 through 12.5.0.2434.
– Kaspersky believes the perpetrator is Chinese-speaking but does not explicitly attribute the attack to a particular group.