Daemon Tools 12.5.0.2421‑2434 Compromised, 12.6.0.2445 Fixed. Kaspersky flags 12.5.0.2421‑2434 installers compromised; upgrade to 12.6.0.2445

Kaspersky’s Securelist found Daemon Tools installers 12.5.0.2421‑2434 were laced with a back‑door that stole MAC and DNS data and could run commands. Distributed from April 8, 2026, the malware persisted until clean build 12.6.0.2445 appeared on May 4. About 670 000 U.S. users – out of 3 million monthly – should uninstall the affected versions and run a full anti‑malware scan.

6 May 2026

—News

Logan Price

Kaspersky Lab disclosed on May 5, 2026 that the website of Daemon Tools, a widely used disc emulation program, had been compromised with malicious code for more than a month. The infection began with installers released on April 8, 2026 and continued until the company issued a clean version on May 4, 2026.

What happened

According to Kaspersky's Securelist report, the attacker injected malicious payloads into Daemon Tools installers covering versions 12.5.0.2421 through 12.5.0.2434. The compromised installers unpacked several executable files that registered themselves to run at system start up and opened a backdoor that transmitted the computer's MAC address and DNS information to a remote server.

How the malware operated

The backdoor allowed the attacker to execute command line instructions, download additional malicious files, and hijack legitimate Windows processes such as notepad.exe. By leveraging these capabilities, the campaign could expand its reach across private individuals and organizations in more than 100 countries.

Scope of the impact

Daemon Tools reports over 3 million monthly users on its official website. DAEMON Tools official website provides the figure. Analysis of install distribution data estimates that roughly 22.43 percent of those users reside in the United States, translating to about 672,900 American users.

Response from Daemon Tools

The developers were contacted by Kaspersky after the breach was identified. They responded by releasing a corrected installer, version 12.6.0.2445, on May 4, 2026. The new build removes the malicious code and restores the original functionality of the software.

What users should do

All users who installed Daemon Tools between April 8 and May 3, 2026 should uninstall the affected versions and replace them with the clean 12.6.0.2445 release. It is also advisable to run a reputable anti malware scan to ensure no residual components remain.

Why this matters for U.S. consumers

The incident highlights the vulnerability of supply chain pathways that many Americans rely on for everyday computing tasks. With nearly 670,000 U.S. users potentially exposed, the breach underscores the importance of verifying software sources and keeping applications up to date.

Looking ahead

Kaspersky's findings serve as a reminder that threat actors continue to target popular utilities to gain broad access. Security experts recommend that software vendors adopt stricter code signing practices and that users enable automatic updates whenever possible.

What is this about?

Feed

Adobe launches a creative agent. Here is how to automate your tedious workflows

The new Firefly AI Assistant handles project setup and batch tasks so you can focus on design

Tasha Greene3 days ago

Databricks unifies data storage, so you can cut your AI infra costs

New Lakehouse//RT and LTAP products eliminate the need for separate real-time serving tiers

Daniella Cruz3 days ago

Ramp's new AI index reveals the 'AI-pilled' cost: decide if your budget is keeping pace

New data from the Ramp AI Index shows a massive divide in enterprise spending. Learn how to benchmark your organization against the 'AI-pilled' top 1% and determine if your AI investment aligns with industry leaders or sits at the median.

Tasha Greene4 days ago

Mistral AI eyes €3 billion in funding. Here is how it impacts your access to 'sovereign' AI

The French startup's massive valuation offers a path toward privacy-focused alternatives to US giants

Tasha Greene4 days ago

UK's social media ban for kids under 16: What your family needs to know

New rules target major platforms like TikTok and Instagram by a specific age limit

Aurora Fields4 days ago

Helion Energy has become the first company in the world to receive regulatory licenses for a fusion power facility from the Washington Department of Health.

The Washington-based startup is now on track to supply fusion power to Microsoft by 2028

Tasha Greene4 days ago

UW launches an AI minor in 2027. Here is how to prepare your academic path

New curriculum focuses on critical literacy and ethical implications for every major

Tasha Greene4 days ago

Bumblebees solve complex puzzles through sudden insight. See what it means for your view of nature

New research shows insects can achieve "aha moments" previously thought unique to primates

Nadia Bennett4 days ago

Google launches Gemini 3.5 Live Translate. See how it changes your international calls

The new AI model supports 70+ languages and preserves your natural voice in real-time

Tasha Greene11 June 2026

Apple Wallet adds Digital ID in iOS 27. You can now leave your physical passport at home

New features let you scan loyalty cards and split bills using Apple Intelligence

Logan Price10 June 2026

Daemon Tools 12.5.0.2421‑2434 Compromised, 12.6.0.2445 Fixed. Kaspersky flags 12.5.0.2421‑2434 installers compromised; upgrade to 12.6.0.2445

May 6, 2026, 6:34 pm-News

Logan Price

What happened

How the malware operated

Scope of the impact

Response from Daemon Tools

What users should do

Why this matters for U.S. consumers

Looking ahead

Follow topics and authors from this story to get more personalized recommendations and email updates.

Logan Price News Tech

What is this about?

Feed

Helion Energy has become the first company in the world to receive regulatory licenses for a fusion power facility from the Washington Department of Health.

The Washington-based startup is now on track to supply fusion power to Microsoft by 2028

Tasha Greene4 days ago