Misryoum reports Disc Soft says a supply-chain breach trojanized DAEMON Tools Lite installers, and a clean version is now available.
DAEMON Tools users have a clear reason to pay attention: Misryoum reports that the software’s maker has confirmed its installers were compromised in a supply chain attack.
Disc Soft. the company behind DAEMON Tools Lite. says it discovered unauthorized interference in its infrastructure that led to certain installation packages being released in a compromised state.. In response, the firm has issued a malware-free update, pointing to DAEMON Tools Lite version 12.6 as the safe release.
Misryoum notes that this kind of incident is especially damaging because it targets installers that many users trust and install without additional checks. The fix is straightforward, but the risk is a reminder that “official download” does not always guarantee safety.
In its statement, Disc Soft said it has secured its infrastructure while investigations continue, including efforts to understand how the systems were accessed. It also clarified that other DAEMON Tools products are not affected, and users of paid and other editions can continue using them normally.
For DAEMON Tools Lite. the company is telling users who downloaded or installed version 12.5.1 (the free release) since April 8 to uninstall the application. run a full scan with security or antivirus software. and then install the latest version (12.6) from the official website.. Disc Soft also removed the affected release from support, and added a warning to encourage users to update.
This matters because the scope of impact is tied to what version people installed and when. Even if a breach is limited to one release line, the cleanup step is still on users to ensure the compromised files are removed.
Misryoum also reports that the broader investigation described the trojanized installers as digitally signed and designed to establish malicious persistence after execution.. The attacker activity reportedly included collecting system information for victim profiling and. in some cases. delivering an additional backdoor component capable of executing commands and running code.
As of the latest update shared in connection with the incident, Misryoum says the newly released DAEMON Tools Lite 12.6.0 is not exhibiting the malicious behavior reported earlier. Users are urged to switch to the latest version to reduce the chance of remaining infection.
In the end, the takeaway from this incident is simple: for software distributed at scale, supply chain security is as critical as the app itself. Staying current and verifying what’s running on your device remains one of the most practical defenses.