Summary
The official Daemon Tools website was compromised to distribute trojanized software installers (versions 12.5.0.2421-12.5.0.2434) that deliver backdoors and a complex QUIC RAT to thousands of users worldwide. The attack used valid digital certificates to bypass security and specifically targeted government and manufacturing organizations for hands-on exploitation.
Take Action:
If you have DAEMON Tools installed (versions 12.5.0.2421 through 12.5.0.2434), assume your machine may be compromised. Uninstall the software immediately and check for suspicious activity dating back to April 8, 2026, especially unusual PowerShell downloads or beaconing to env-check.daemontools[.]cc. Until AVB Disc Soft confirms a clean release, don't reinstall, and have your security team scan against the published indicators of compromise.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)