DAEMON Tools Supply Chain Attack – Official Installers Trojanized Since April 8, 2026

Scope: DAEMON Tools Lite (Versions 12.5.0.2421 – 12.5.0.2434)

Severity: Red

Attackers compromised the official DAEMON Tools download site and, since April 8, 2026, have used it to distribute trojanized installers signed with legitimate developer certificates. The installers deploy a backdoor that activates at system startup, collects system profiling data, and selectively pushes additional payloads, including a sophisticated QUIC RAT, to government, scientific, manufacturing, and retail targets across more than 100 countries. The malware is embedded in three legitimate binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) and contacts a typosquatting C2 domain for further instructions.

Organizations should immediately identify and remove DAEMON Tools Lite versions 12.5.0.2421–12.5.0.2434, upgrade to the clean version 12.6, audit affected systems for anomalous activity from April 8 onwards, and rotate any credentials on systems where these versions were installed.
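One way to carry out the identification step on a Windows endpoint, as an added example that is not part of the original advisory. It assumes the product registers under the standard Windows Uninstall registry keys with a DisplayName containing "DAEMON Tools Lite", and that the three named binaries sit directly in the registered install folder; adjust both if your deployment differs.

```powershell
# Added example: flag DAEMON Tools Lite installs in the affected range 12.5.0.2421 - 12.5.0.2434.
$low  = [version]'12.5.0.2421'
$high = [version]'12.5.0.2434'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AffectedVersion {
    param([string]$Raw)
    $parsed = $null
    # Compare as versions, not strings; unparseable values go to manual review.
    if (-not [version]::TryParse($Raw, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -ge $low -and $parsed -le $high) { return 'Affected' }
    return 'NotAffected'
}

# Assumption: DisplayName contains "DAEMON Tools Lite".
$findings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*DAEMON Tools Lite*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            DisplayVersion  = $_.DisplayVersion
            InstallLocation = $_.InstallLocation
            Status          = Test-AffectedVersion $_.DisplayVersion
        }
    }

# Record the three binaries named in the advisory for the incident responders.
# The trojanized files carry valid signatures, so a signature check alone
# proves nothing; collect version, timestamp and hash instead.
$binaries = 'DTHelper.exe', 'DiscSoftBusServiceLite.exe', 'DTShellHlp.exe'
$files = foreach ($f in $findings | Where-Object { $_.InstallLocation }) {
    foreach ($name in $binaries) {
        $path = Join-Path $f.InstallLocation $name   # assumption: install root
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Path          = $path
                FileVersion   = $item.VersionInfo.FileVersion
                LastWriteTime = $item.LastWriteTime
                SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}
$findings | Format-Table -AutoSize
$files | Format-List
```

A host reporting `Affected` or `Unknown` belongs on the list for removal, the audit from April 8 onwards, and credential rotation.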

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.