Disc Soft, the developer behind Daemon Tools, has acknowledged a security breach that resulted in a supply chain attack. The compromise came to light earlier this week when cybersecurity firm Kaspersky warned that numerous computers had potentially downloaded malware-laden versions of Daemon Tools from the official website.
Discovery of the Security Breach
Kaspersky’s investigation revealed that the attack, attributed to Chinese-speaking cybercriminals, involved injecting malicious code into Daemon Tools versions released between April 8 and May 5. This code was programmed to download and execute an information-stealing application. Among the thousands of compromised systems, the attackers specifically targeted a select few, installing a backdoor on approximately a dozen devices and a more sophisticated backdoor at a Russian educational institution.
Targeted Organizations and Response
The initial backdoor was detected at government, scientific, manufacturing, and retail organizations across Belarus, Russia, and Thailand. In response to these revelations, Disc Soft confirmed on Wednesday that certain installation files had been compromised but emphasized that the impact was restricted to the free version of Daemon Tools Lite.
Following the breach disclosure, Disc Soft acted swiftly to isolate and secure the affected systems. They removed potentially compromised files from distribution channels, reconstructed and verified the installation packages, and released a clean version of Daemon Tools Lite, version 12.6.0.2445, on May 5.
Ongoing Investigation and User Instructions
Disc Soft stated that their investigation is still ongoing as they work to determine the root cause and full extent of the breach. Although they have not attributed the attack to any specific third party, they are conducting a thorough review of their infrastructure to gain a complete understanding of the incident. The company clarified that only Daemon Tools Lite version 12.5.1 was affected, and no other products, such as Daemon Tools Ultra and Pro, were compromised.
Users who downloaded the affected software version are advised to uninstall Daemon Tools Lite and perform a malware scan on their systems. To prevent similar incidents in the future, Disc Soft is enhancing their verification procedures.
