Disc Soft confirmed a targeted supply chain attack on Daemon Tools Lite version 12.5.1, where Chinese-speaking threat actors trojanized installation packages released between April 8 and May 5, 2026. The injected code downloaded an information collector and selectively deployed backdoors on systems in government, scientific, manufacturing, and retail sectors in Belarus, Russia, and Thailand. The company isolated affected systems, removed compromised files, and rebuilt installation packages, releasing a clean version 12.6.0.2445. The incident was contained with no impact on other Daemon Tools products. Users who installed the compromised version should uninstall and scan their systems. Disc Soft is reviewing infrastructure and enhancing verification to reduce future risks.

The supply chain attack resulted in the distribution of trojanized Daemon Tools Lite installers that infected thousands of machines, with selective backdoor deployment on a limited number of targeted systems in Belarus, Russia, and Thailand. The compromised version was limited to Daemon Tools Lite 12.5.1. Other Daemon Tools products were unaffected. The attack enabled information collection and potential unauthorized access on targeted systems. The vendor has contained the incident and removed compromised files from distribution.

Disc Soft has contained the incident by isolating affected systems, removing compromised files, and releasing a clean Daemon Tools Lite version 12.6.0.2445. Users who downloaded the compromised version 12.5.1 should uninstall it and perform malware scans on their systems. The vendor is enhancing verification procedures to prevent recurrence. No further action is required for users of other Daemon Tools products. Patch status is confirmed as fixed with the release of the clean version.