
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

ID: 4a72b1c8-1c71-519c-be0f-d2f94f828dfb

STIX ID: report--4a72b1c8-1c71-519c-be0f-d2f94f828dfb

Feed Name: Security - Ars Technica

Threat Score: 70/100

Date Published: 2026-05-05

Date Updated: 2026-05-22

Author: Dan Goodin

Kaspersky reported a supply-chain compromise of the free DAEMON Tools Lite installer that infected about 100 organizations worldwide and delivered follow-on payloads: a minimal backdoor able to execute commands, download files and run in-memory shellcode, and a more complex backdoor dubbed QUIC RAT that injects into system processes and supports many C2 protocols (HTTP, UDP, TCP, WSS, QUIC, DNS, HTTP/3). The attackers deployed the more sophisticated payload only to a small set of machines in government, scientific, manufacturing and retail organizations, indicating targeted intent; affected systems were primarily in Russia, Brazil, Turkey, Spain, Germany, France, Italy and China. DAEMON Tools stated the issue was limited to the free Lite version and mitigated within 12 hours; Kaspersky recommends full AV scans, checking listed IOCs, and monitoring for suspicious code injections from executables launched from public directories.
