DAEMON Tools Supply Chain Attack Infects Official Installers With Malware
A major supply chain attack has compromised official DAEMON Tools installers, allowing attackers to distribute malware through digitally signed software downloads. Security researchers discovered that infected installer versions silently executed malicious commands, downloaded payloads, and established remote access backdoors on affected Windows systems. The attack remained active for nearly a month before being detected, impacting users and organizations across more than 100 countries.


The malware used in the campaign enabled attackers to collect sensitive system information, execute shell commands, and inject malicious code into legitimate Windows processes. Researchers also identified the deployment of QUIC RAT, a remote access trojan capable of persistent control over compromised devices. While thousands of infection attempts were recorded globally, only selected targets received advanced second-stage payloads, indicating a focused espionage-style operation against government, manufacturing, scientific, and retail sectors.
Cybersecurity experts warn that supply chain attacks like this are especially dangerous because users trust digitally signed software downloaded from official vendor websites. Organizations are strongly advised to uninstall affected versions immediately, run full security scans, and update to the latest patched release. NPAV EPS uses Zero Deep Learning AI to detect suspicious behavior, malware execution, privilege escalation, and supply chain attack activity before it spreads across enterprise environments.