In early May 2026, Kaspersky researchers identified installers of the DAEMON Tools software, used for mounting disk images, to be compromised with a malicious payload. These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers.
Kaspersky analysis revealed that the software installers have been trojanized starting from April 8, 2026. Specifically, the researchers identified versions of DAEMON Tools ranging from 12.5.0.2421 to 12.5.0.2434 to be compromised. Artifacts suggesting that the threat actor behind this attack is Chinese-speaking have been identified in the malicious implants observed.
UPD 5/6/26: Following disclosure, the vendor acknowledged the issue and published a new software version intended to address it. The updated release 12.6.0.2445 no longer includes the malicious behavior described in this article.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...