DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited confirmed that DAEMON Tools Lite was trojanized in a supply chain attack. The company released a new malware-free version of the software.
The issue was limited to the free DAEMON Tools Lite version. Disc Soft told BleepingComputer that the problem did not affect any of its other products. The company said it implemented a solution in less than 12 hours of identifying the issue.
Disc Soft stated it has not identified evidence that all users were impacted. It is not in a position to confirm any impact on paid versions. The company indicated that DAEMON Tools Pro and DAEMON Tools Ultra were not affected.
The company said it has secured its infrastructure. It has yet to attribute the attack to a specific threat actor or share details about the attack vector. Version 12.6 of DAEMON Tools Lite was released on May 5 and does not contain the suspected compromised files.
Users who downloaded or installed DAEMON Tools Lite version 12.5.1 since April 8 are advised to uninstall the app. They should run a full system scan using security or antivirus software and install the latest version from the official website.
Kaspersky revealed that hackers trojanized DAEMON Tools Lite installers. The malicious code was used to backdoor thousands of systems in more than 100 countries. The affected versions ranged from 12.5.0.2421 to 12.5.0.2434.
The first-stage malware collected system data including hostname, MAC address, running processes, installed software, and system locale, and sent it to attacker-controlled servers. Some infected systems then received a second stage: a lightweight backdoor that can execute commands, download files, and run code directly in memory.
In at least one case Kaspersky observed deployment of QUIC RAT malware. Victims included retail, scientific, government, and manufacturing organizations in Russia, Belarus, and Thailand. Home users in Russia, Brazil, Turkey, Spain, Germany, France, Italy, and China were also affected.
Kaspersky confirmed that DAEMON Tools Lite 12.6.0 no longer exhibits malicious behavior.
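To apply the version guidance above across a fleet, the following added example (not code from Disc Soft, Kaspersky or the original article) triages a software inventory export against the version numbers the article quotes. The CSV layout, column names, host names, verdict labels and the product display string are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Version facts below are quoted from the article; all else is assumed.
TROJAN_FIRST = (12, 5, 0, 2421)  # first trojanized build per Kaspersky
TROJAN_LAST = (12, 5, 0, 2434)   # last trojanized build per Kaspersky
VENDOR_ADVISED = (12, 5, 1)      # version Disc Soft says to uninstall
FIXED = (12, 6)                  # release without the compromised files
PRODUCT = "daemon tools lite"    # assumed display name in the inventory

# Constructed sample inventory export (hosts, layout and rows are made up).
SAMPLE = """host,product,version
ws-014,DAEMON Tools Lite,12.5.0.2421
ws-031,DAEMON Tools Lite,12.5.1
ws-040,DAEMON Tools Lite,12.6.0
ws-051,DAEMON Tools Lite,12.5.0
ws-063,DAEMON Tools Pro,1.2.3.4
ws-081,DAEMON Tools Lite,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if not a dotted-numeric version."""
    m = re.fullmatch(r"\d+(\.\d+){1,3}", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else None

def classify(version_text):
    """Map one installed version string to a triage verdict."""
    v = parse_version(version_text)
    if v is None:
        return "review"                  # unparseable, needs a human
    padded = v + (0,) * (4 - len(v))     # missing build number counts as 0
    if TROJAN_FIRST <= padded <= TROJAN_LAST or v[:3] == VENDOR_ADVISED:
        return "affected"
    if v[:2] >= FIXED:
        return "fixed"
    if v[:2] == (12, 5):
        return "review"                  # 12.5.x outside the published ranges
    return "not-listed"                  # older than anything the article names

def triage(inventory_csv):
    """Return (host, version, verdict) for each DAEMON Tools Lite row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["version"], classify(r["version"]))
            for r in rows if r["product"].strip().lower() == PRODUCT]

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE):
        print(f"{host:8} {version:14} {verdict}")
```

A 12.5.x install whose build number is missing or falls outside the quoted range is marked for review rather than cleared, since the article gives two different descriptions of the affected versions.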
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.