Kaspersky Uncovers Targeted Supply Chain Attack on DAEMON Tools Software

Kaspersky researchers have revealed an ongoing supply chain attack targeting the official DAEMON Tools website, where trojanized installers were distributed from April 8 through early May 2026. These malicious installers deployed payloads and backdoor malware on victim systems, primarily targeting retail, scientific, government, and manufacturing organizations. The vendor, AVB Disc Soft, acknowledged the compromise and released a patched version (12.6.0.2445) on May 6, 2026.

Context

Kaspersky's findings reveal that the attack occurred via the official DAEMON Tools website, affecting users who downloaded compromised installers. DAEMON Tools is widely used across various sectors, making the impact of this attack potentially extensive. The vendor, AVB Disc Soft, has confirmed the breach and responded by issuing a patched version of the software.

Why it matters

The discovery of a targeted supply chain attack highlights vulnerabilities in software distribution channels, which can compromise a wide range of organizations. Such attacks can lead to significant data breaches and operational disruptions. Understanding these threats is crucial for organizations to enhance their cybersecurity measures and protect sensitive information.

Implications

The attack may lead to increased scrutiny of supply chain security practices among software vendors. Organizations in the affected sectors may need to reassess their cybersecurity strategies and implement stronger defenses. Users may experience disruptions as they update their systems and address potential vulnerabilities.

What to watch

Organizations that use DAEMON Tools should prioritize updating to the latest version to mitigate risks. Ongoing investigations may reveal further details about the attackers and their methods. Monitoring for any reports of compromised systems or data breaches following this incident will be essential.