In today’s interconnected software ecosystem, even trusted platforms can become targets of increasingly sophisticated attacks. In this case, DAEMON Tools Lite was affected by such an incident.
We are aware of recent reports describing a potential supply chain security incident affecting DAEMON Tools Lite. Following an internal investigation, we identified unauthorized interference within our infrastructure. As a result, certain installation packages were impacted within our build environment and were released in a compromised state.
Our response
Upon detection of the issue, we immediately initiated a response process, which included:
- isolating and securing affected systems;
- removing all potentially compromised files from distribution;
- auditing the build and release pipeline;
- rebuilding and validating installation packages;
- strengthening internal security controls and monitoring systems;
Version 12.6 of DAEMON Tools Lite, which does not contain the suspected compromised files, was released on May 5.
These measures were implemented within less than 12 hours from the moment we received notification at approximately 07:00 GMT on May 5. We are also enhancing our verification procedures to further reduce the risk of similar incidents in the future.
Scope and investigation
Our investigation is ongoing as we continue to analyze the root cause and full scope of the incident. At this stage, we are not attributing the incident to any specific third party. We are carefully reviewing all components of our infrastructure to ensure a complete and accurate understanding of what occurred.
Current status
At this moment, we have secured our infrastructure and removed all affected files from circulation.
All currently available versions of DAEMON Tools Lite have been verified to ensure their integrity and safety. The affected version (12.5.1) has been removed and is no longer supported. The latest version (12.6.0.2445) no longer exhibits the behavior associated with the incident, as reflected in updated analysis published by Kaspersky.
Based on our current assessment, the issue is contained, and there is no ongoing risk for users downloading the latest versions from official sources.
We would also like to emphasize that this incident did not affect other products developed by Disc Soft Limited. DAEMON Tools Ultra, DAEMON Tools Pro, and all other products remain fully operational and safe to use.
What this means for users
If you downloaded or installed DAEMON Tools Lite version 12.5.1 (free) during the affected period, we recommend taking the following precautions:
- uninstall the application;
- run a full system scan using trusted security or antivirus software;
- download the latest version of DAEMON Tools Lite (12.6) from the official website.
Users of other DAEMON Tools products, including paid versions of DAEMON Tools Lite, DAEMON Tools Ultra, and DAEMON Tools Pro are not affected by this incident and can continue using their software as usual.
Moving forward
We take this incident seriously and fully recognize the trust users place in our software.
The DAEMON Tools team at Disc Soft Limited appreciates the efforts of the cybersecurity research community, including Kaspersky’s Global Research and Analysis Team, in identifying and analyzing this issue. Industry collaboration plays an essential role in detecting and mitigating complex threats.
We want to reassure our users that maintaining the security and reliability of our products remains our top priority. Our team continues to strengthen our infrastructure and internal processes to ensure the highest standards of protection going forward.
