Daemon Tools Compromised to Deliver Backdoors (Updated)
Attackers have compromised the official Daemon Tools download site to distribute trojanized installers that deploy backdoors and information-stealing malware.
Kaspersky researchers have identified a supply chain compromise affecting the popular Windows utility Daemon Tools. Since April 8, 2026, the official download site, Deamon-tools[.]cc, has been distributing trojanized installers that appear to be legitimate but contain malicious backdoors.
Once a user installs the compromised software, the binaries silently connect to an attacker-controlled server to download a .NET-based information collector. This malware is capable of harvesting sensitive system details from the infected machine, posing a significant risk to the wide user base of the tool, which includes gamers, IT professionals, and developers.
This incident highlights the ongoing risk of supply chain attacks targeting widely used software. Users who have downloaded Daemon Tools recently are advised to verify their installations and monitor for suspicious network activity. The discovery follows reports of similar compromises, emphasizing the importance of verifying software sources and using security tools to detect unauthorized system modifications. Help Net Security, [Kaspersky]