SECURITYWEEK reports that Disc Soft, the Daemon Tools developer, says a intrusion led to a targeted supply chain attack but that the impact was limited to the free version of Daemon Tools Lite.
According to Kaspersky, Chinese-speaking threat actors injected trojanized Daemon Tools iterations released between 8 April and 5 May with code designed to download and execute an information collector, and thousands of computers may have been infected before a dozen were further infected with a backdoor targeting a Russian educational institution. Disc Soft confirmed on 7 May 2026 that hackers compromised certain installation packages, but stated that Daemon Tools Lite was the only product affected.
The company isolated and secured the affected systems, removed potentially compromised files from distribution, rebuilt and validated installation packages, and released Daemon Tools Lite version 12.6.0.2445 on 5 May, offering a clean iteration. Disc Soft says only Daemon Tools Lite version 12.5.1 was compromised and that the incident has been contained, with no impact to Daemon Tools Ultra or Daemon Tools Pro.
Users who downloaded the trojanized release are advised to uninstall Daemon Tools Lite and scan their systems for malware, while Disc Soft also pledged to enhance verification procedures to reduce future risk.