DAEMON Tools trojanized in supply chain breach, patched version released

Disc Soft Limited has confirmed that DAEMON Tools Lite, a widely used disc imaging utility, was compromised in a supply chain attack. The company released a malware-free version following discovery that attackers had trojanized the software.

The breach represents a classic supply chain compromise: adversaries inserted malicious code into legitimate software distributed through official channels. Users who downloaded affected versions unknowingly installed both the intended application and attacker-controlled malware. Disc Soft has not disclosed the attack timeline, the number of affected downloads, or the malware's capabilities.

DAEMON Tools has been installed on hundreds of millions of systems globally over two decades, making it a high-value target for supply chain operators. The software's legitimate function—mounting virtual drives and managing disc images—grants it elevated system access, a feature attackers can exploit for persistence and lateral movement.

• 01DAEMON Tools users face potential compromise; immediate update required to remove malware.
• 02IT teams must audit systems for indicators of compromise from trojanized versions.
• 03Software vendors under renewed pressure to harden build pipelines and signing infrastructure.
• 04Incident underscores persistent risk of supply chain attacks on widely deployed utilities.