CVE-2026-8398
CriticalSummary
A supply chain attack compromised the official installation packages of DAEMON Tools Lite in versions 12.5.0.2421 to 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's build or distribution infrastructure and trojanized three binaries.
Risk Assessment
The infected files were digitally signed with the AVB Disc Soft certificate, allowing them to bypass signature-based detection. This poses a serious risk to users who may install malicious software believing it to be trustworthy.
Recommendation
It is recommended to immediately check and remove installed versions of DAEMON Tools Lite and to download software only from official sources after confirming their integrity. Additionally, systems should be monitored for potential threats.
Original NVD description (English source)
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

