
Daemon Tools Compromised in Global Supply

Story Summary
SITUATION
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed malicious updates from the servers of its developer, researchers said Tuesday. Kaspersky, the security firm reporting the supply-chain attack, said it began on April 8 and remained active as of the time its post went live.
KEY FACTS
  • The supply-chain attack on Daemon Tools began on April 8, 2026, and was still active at the time of reporting (per arstechnica.com).
  • Malicious updates were pushed from the developer's servers, infecting Daemon Tools executables (per arstechnica.com).
  • The compromised versions of Daemon Tools are 12.5.0.2421 through 12.5.0.2434 (per arstechnica.com).
HISTORICAL CONTEXT

This development falls within the broader context of technology activity in North America. Current reporting indicates that Kaspersky, the security firm reporting the supply-chain attack, said it began on April 8 and remained active as of the time its post went live.

Installers that are signed by the developer’s official digital certificate and downloaded from its website infect Daemon Tools executables, causing the malware to run at boot time. Such attacks are hard to defend against because users are infected when they do nothing more than install digitally signed updates available through official channels.

Brief

Daemon Tools, a widely used application for mounting disk images, has been compromised in a significant supply-chain attack that began on April 8, 2026. The attack involved the distribution of malicious updates directly from the developer's servers, affecting thousands of machines in over 100 countries.

This breach highlights the risk inherent in software supply chains, where users are infected despite downloading updates from official channels. The compromised versions, 12.5.0.2421 through 12.5.0.2434, were signed with the developer's official digital certificate, which typically assures users of the software's authenticity.

This attack underscores the challenges in defending against such threats, as users unknowingly install malware that activates at boot time. Kaspersky, the security firm that reported the attack, has provided detailed technical insights into the breach, although it remains unclear how the attackers initially infiltrated the developer's systems.

The global reach of this attack, targeting machines across more than 100 countries, demonstrates the widespread impact and potential risks associated with compromised software updates. As the attack continues to be active, users of Daemon Tools are urged to verify their software versions and seek guidance on mitigating potential risks.
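
A fleet-inventory triage for the version check urged above, added here as an example and not taken from Kaspersky or the Daemon Tools developer. The inventory layout (host, product, version) and the sample rows are constructed assumptions; only the range 12.5.0.2421 through 12.5.0.2434 comes from the report.

```python
import csv
import io

# Compromised range as stated in the report (inclusive on both ends).
FIRST_BAD = (12, 5, 0, 2421)
LAST_BAD = (12, 5, 0, 2434)

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """\
host,product,version
ws-001,DAEMON Tools,12.5.0.2421
ws-002,Daemon Tools,12.5.0.2434
ws-003,DAEMON Tools,12.5.0.2420
ws-004,DAEMON Tools,12.5.0.2435
ws-005,DAEMON Tools,12.5.0
ws-006,DAEMON Tools,unknown
ws-007,Other App,12.5.0.2430
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if the build number is incomplete."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Sort Daemon Tools installs into affected / outside_range / review."""
    result = {"affected": [], "outside_range": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "daemon tools" not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            # Truncated or missing build number: the host cannot be ruled out.
            result["review"].append(row["host"])
        elif FIRST_BAD <= version <= LAST_BAD:
            result["affected"].append(row["host"])
        else:
            result["outside_range"].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket report a version without a full build number, so they need a manual check rather than being treated as unaffected.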

This incident serves as a stark reminder of the importance of robust security measures and the need for vigilance in software supply chains.

Why it matters
  • Users of Daemon Tools in over 100 countries face potential security risks due to the compromised updates, which could lead to unauthorized access or data breaches.
  • The developers of Daemon Tools and other software companies may need to reassess their security protocols to prevent similar supply-chain attacks in the future.
  • Security firms like Kaspersky play a crucial role in identifying and mitigating such threats, highlighting the importance of cybersecurity expertise in protecting digital infrastructure.
What to watch next
  • Whether the developers of Daemon Tools issue a security patch to address the compromised versions.
  • Any further technical analysis or updates from Kaspersky regarding the attack's origin and scope.
  • Potential regulatory or industry responses to improve supply-chain security for software developers.
Where sources differ
Omitted context
  • No source mentions the specific method used by attackers to infiltrate the developer's servers.
  • The economic impact on the developer of Daemon Tools due to this breach is not discussed.
  • Potential legal or regulatory consequences for the developer are not addressed.