Hackers compromise Daemon Tools in global supply-chain attack, researchers say

Hackers compromised Daemon Tools Lite installers distributed via the official site, embedding backdoors that executed at startup to collect system data and, in select high‑value cases, deliver a more advanced implant (Quic RAT). Kaspersky observed the campaign beginning around April 8, impacting thousands of machines across 100+ countries and selectively targeting organizations in sectors such as government, science, manufacturing and retail; attribution remained unconfirmed though Chinese‑language elements were noted.