
Daemon Tools Got Played, and So Did You

Updated May 7, 2026

Your disk mounting app was a delivery vehicle for malware. For a month.

Trust is expensive. And in May 2026, Daemon Tools users paid for it without knowing they’d placed an order. Kaspersky researchers uncovered that Daemon Tools — the veteran Windows utility millions use to mount disk images — had been quietly backdoored through a supply-chain attack that ran for weeks, pushing signed malicious updates to users globally.

Signed. Malicious. Updates. That combination is what makes this one sting.

What Actually Happened

According to Kaspersky’s findings, the compromise began around April 8, 2026. Attackers managed to trojanize the software’s installers, meaning anyone who downloaded or updated Daemon Tools during that window received a poisoned package. The attack ran for roughly a month before it was caught. The malicious updates were signed — which means they carried a digital certificate that told Windows “this is legitimate software, trust it.” Windows trusted it. Your security tools probably did too.

This is the defining feature of a supply-chain attack: the attacker doesn’t need to trick you into downloading something sketchy. They compromise the source you already trust, then let your own update habits do the rest. You did everything right. You kept your software updated. And that’s exactly how they got in.

Why This Hits Different for the AI Tools Space

I cover AI agents and automation tools for a living. And the thing that keeps me up at night isn’t some rogue model going off-script — it’s the infrastructure underneath all of it. Daemon Tools is the kind of utility that lives quietly in the background of a developer’s or power user’s machine. It’s not glamorous. Nobody writes breathless reviews about disk image mounting software. But it sits on the same machine as your API keys, your local model weights, your agent configs, your credentials.

When that quiet, trusted utility gets backdoored, the blast radius isn’t just “one app is compromised.” It’s everything that app shares a machine with. For anyone running local AI workflows, automation pipelines, or agent environments on Windows, that’s a genuinely uncomfortable thought.

The Supply Chain Problem Isn’t Going Away

This isn’t the first supply-chain attack and it won’t be the last. What’s notable here is the target: Daemon Tools isn’t a niche developer tool or an obscure plugin. It’s been around since the early 2000s. It has a massive, global user base. Attackers clearly did the math — a widely installed, frequently updated, deeply trusted utility is a high-value target precisely because of those qualities.

The attack also highlights a gap that no amount of personal vigilance fully closes. You can use strong passwords, run endpoint protection, and avoid suspicious downloads. But if the software vendor’s build or distribution pipeline gets compromised, your careful habits become the attack vector. The update mechanism you rely on for security becomes the delivery system for the threat.

What You Should Actually Do

  • Check your install history. If you updated or installed Daemon Tools between early April and early May 2026, assume you received a compromised build until you can confirm otherwise.
  • Run a thorough scan. Use an updated endpoint security tool — Kaspersky published findings, so their signatures should detect the payload. Other major vendors will follow.
  • Audit what was on that machine. Credentials, tokens, API keys, SSH keys — if they lived on a machine running a backdoored version, treat them as potentially exposed and rotate them.
  • Reconsider your update posture. Automatic updates are generally good practice, but for non-critical utilities, a short delay before applying updates gives the security community time to catch issues like this.
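
The first check in the list above, as an added PowerShell example that is not from the article or from Kaspersky. It lists Daemon Tools entries in the standard Windows uninstall registry keys and flags installs or binaries dated inside the reported window. The window start is the article's date; the end date is an assumption standing in for "early May". Because the malicious updates were signed, a `Valid` signature status does not clear a file; the signer and SHA-256 columns are there for comparison against published indicators.

```powershell
# Added example: inventory DAEMON Tools installs and flag the reported window.
# Window start is the article's date; the end is an assumption for "early May".
$WindowStart = [datetime]'2026-04-08'
$WindowEnd   = [datetime]'2026-05-08'   # assumption, exclusive upper bound

function Test-InWindow($When) {
    ($null -ne $When) -and ($When -ge $WindowStart) -and ($When -lt $WindowEnd)
}

# Standard per-machine (64/32-bit) and per-user uninstall registry locations.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*DAEMON Tools*' }

$details = @()
$summary = foreach ($app in $apps) {
    # InstallDate is optional; when present it is a yyyyMMdd string.
    $installed = [datetime]::MinValue
    $hasDate = [datetime]::TryParseExact("$($app.InstallDate)", 'yyyyMMdd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$installed)

    # Second signal: binaries created or modified on disk inside the window.
    $touched = @()
    if ($app.InstallLocation -and (Test-Path -LiteralPath $app.InstallLocation)) {
        $touched = @(Get-ChildItem -LiteralPath $app.InstallLocation -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
            Where-Object { (Test-InWindow $_.CreationTime) -or (Test-InWindow $_.LastWriteTime) })
    }
    foreach ($f in $touched) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        $details += [pscustomobject]@{
            File   = $f.FullName
            Status = $sig.Status                      # Valid is NOT a clean bill here
            Signer = $sig.SignerCertificate.Subject
            SHA256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
    [pscustomobject]@{
        Name          = $app.DisplayName
        Version       = $app.DisplayVersion
        InstallDate   = if ($hasDate) { $installed.ToString('yyyy-MM-dd') } else { 'not recorded' }
        FilesInWindow = $touched.Count
        InWindow      = ($hasDate -and (Test-InWindow $installed)) -or ($touched.Count -gt 0)
    }
}
$summary | Format-Table -AutoSize
$details | Format-List
```

An entry with `InWindow` set to `True` is a candidate for the scan and credential rotation steps; an entry with no recorded date and no files in the window is not proof of a clean build.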

The Honest Takeaway

Supply-chain attacks are a structural problem, not a user error problem. Daemon Tools users didn’t do anything wrong. The researchers at Kaspersky who caught this did their job well. But the month-long window before discovery is a reminder that these compromises can run quietly for a long time before anyone notices.

For anyone building on top of AI tools and agents — where local environments are increasingly complex and credential-rich — this is a useful, if uncomfortable, reminder to treat your supporting infrastructure with the same scrutiny you’d apply to the AI layer itself. The weakest link in your stack isn’t always the newest or most interesting piece of it.

Sometimes it’s the app you forgot you installed in 2019 and haven’t thought about since.

Written by Jake Chen

AI technology analyst covering agent platforms since 2021. Tested 40+ agent frameworks. Regular contributor to AI industry publications.
