5532

Unknown actors compromised Daemon Tools' official installers in a supply-chain attack on 8 April 2026, distributing backdoored versions to thousands of machines across more than 100 countries. Most infections deployed a basic information collector, while a selected subset of targets in government, science, manufacturing, and retail received a more sophisticated implant (Quic RAT). Kaspersky publicly reported the activity on 5 May 2026 and Disc Soft patched the installers within hours and advised users to update.