DAEMON Tools trojanized in supply-chain attack to deploy backdoor

📅 5 May 2026 at 19:21 UTC📰 Bleeping ComputerView original source ↗

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A supply-chain attack using trojanized DAEMON Tools installers deployed a backdoor to thousands of systems, with targeted high-value targets receiving next-stage payloads in Russia, Belarus, and Thailand.

⚙️Technical Details

Affected Systems

Systems that downloaded DAEMON Tools software from the official website after April 8

Attack Vectors

Digitally signed trojanized installersCompromised binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe)

💥Impact Assessment

Severity: high

Who Is at Risk

Retail organizations in Russia, Belarus, and ThailandScientific organizations in Russia, Belarus, and ThailandGovernment organizations in Russia, Belarus, and ThailandManufacturing organizations in Russia, Belarus, and ThailandSeverity: high

🛡️Recommended Actions

1Carefully examine machines that had DAEMON Tools installed for abnormal cybersecurity-related activities

2Monitor systems for suspicious activity and implement additional security controls

3Update software to the latest version and verify digital signatures

📦Affected Products

Software:DAEMON ToolsVersion Range:12.5.0.242112.5.0.2434

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed