DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Briefly

"The installers have been trojanized since April 8, 2026, with versions ranging from 12.5.0.2421 to 12.5.0.2434 identified as compromised as part of the incident."
"Any time one of these binaries is launched, an implant is activated on the compromised host, designed to send an HTTP GET request to an external server."
"The shell command is used to download and run a series of executable payloads, including envchk.exe, a .NET executable to collect extensive system information."
"The Russian cybersecurity company observed several thousand infection attempts involving DAEMON Tools in its telemetry, impacting individuals and organizations in more than 100 countries."
A supply chain attack has targeted DAEMON Tools software, compromising its installers to deliver malicious payloads. The attack has been active since April 8, 2026, affecting versions 12.5.0.2421 to 12.5.0.2434. The compromised installers, distributed from the legitimate DAEMON Tools website, are signed with the developers' digital certificates. Three components have been tampered with, activating an implant that sends HTTP GET requests to an external server to receive and execute shell commands. Thousands of infection attempts have been observed, impacting users in over 100 countries.
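For defenders triaging a software inventory against the version range above, the following is an added example, not code from the original report or from the DAEMON Tools developers. The CSV layout, host names and the helper names `parse_version` and `triage` are assumptions, and treating both ends of the range as inclusive is also an assumption.

```python
import csv
import io

# Affected range as stated in the summary; inclusive bounds are an assumption.
FIRST_BAD = (12, 5, 0, 2421)
LAST_BAD = (12, 5, 0, 2434)

# Constructed sample inventory export (hosts and rows are invented for this example).
SAMPLE_INVENTORY = """host,product,version,signature_valid
ws-001,DAEMON Tools,12.5.0.2421,true
ws-002,DAEMON Tools,12.5.0.2434,true
ws-003,daemon tools,12.5.0.2420,true
ws-004,DAEMON Tools,12.5.0.2435,true
ws-005,DAEMON Tools,12.5.0.24210,true
ws-006,DAEMON Tools,12.5.0,true
ws-007,Other Archiver,12.5.0.2425,true
"""


def parse_version(text):
    """Return a 4-part numeric tuple, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map host -> 'affected' | 'review' | 'not-in-range' for DAEMON Tools rows."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "daemon tools" not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            # Unparseable version: cannot be cleared automatically.
            results[row["host"]] = "review"
        elif FIRST_BAD <= version <= LAST_BAD:
            # signature_valid is deliberately ignored: the trojanized
            # installers carried the developers' own digital certificates.
            results[row["host"]] = "affected"
        else:
            results[row["host"]] = "not-in-range"
    return results


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(host, verdict)
```

Versions are compared as integer tuples because a plain string comparison would wrongly place the constructed `12.5.0.24210` inside the range.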
Read at The Hacker News