CVE-2026-8398
AVB Disc Soft · DAEMON Tools Lite
A supply chain compromise of DAEMON Tools Lite resulted in the distribution of trojanized binaries signed with a legitimate certificate.
Executive summary
A critical supply chain attack on AVB Disc Soft has resulted in the distribution of trojanized DAEMON Tools Lite installers capable of bypassing security controls.
Vulnerability
Attackers compromised the vendor's build infrastructure to inject malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe), which were then distributed as legitimate updates.
Business impact
This breach allows attackers to gain persistence and unauthorized control over any system that installed the compromised software. The issue carries a CVSS score of 9.8. Because the trojanized binaries bypass signature-based detection, there is an extreme risk of widespread malware infection and data exfiltration.
Remediation
Immediate Action: Uninstall the affected versions of DAEMON Tools Lite immediately and perform a forensic scan for indicators of compromise (IoC) on affected systems.
Proactive Monitoring: Monitor for unexpected network traffic from the three binaries named above (DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe) and audit system integrity for unauthorized persistent services.
Compensating Controls: Use EDR solutions to perform behavioral analysis on existing installations of the software to detect malicious activity that signature-based detection might miss.
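The following PowerShell is an added example, not code from this advisory or from the vendor: it inventories the three named binaries on one Windows host, records each copy's hash and signer, and lists services that launch them. The search roots and the empty $KnownBadSha256 list are assumptions; the advisory publishes no hashes, so that list must be filled from your own IoC source.

```powershell
# Added triage example; not vendor or advisory code.
# File names come from the advisory. Search roots and the IoC list are assumptions.
$TargetNames = 'DTHelper.exe', 'DiscSoftBusServiceLite.exe', 'DTShellHlp.exe'
$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Placeholder: SHA-256 values from your vendor or threat-intel IoC feed (none are on this page).
$KnownBadSha256 = @()

# Every on-disk copy of the named binaries, with hash, version and signer details.
$findings = foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $TargetNames -contains $_.Name } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{
                Path         = $file.FullName
                Sha256       = $hash
                FileVersion  = $file.VersionInfo.FileVersion
                LastWriteUtc = $file.LastWriteTimeUtc
                # 'Valid' is NOT a pass here: the advisory says the trojanized
                # binaries were signed with a legitimate certificate.
                SigStatus    = $sig.Status
                Signer       = $sig.SignerCertificate.Subject
                Thumbprint   = $sig.SignerCertificate.Thumbprint
                IocHashMatch = $KnownBadSha256 -contains $hash
            }
        }
}

# Services whose image path references one of the named binaries (persistence audit).
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $imagePath = $_.PathName
    $imagePath -and ($TargetNames | Where-Object { $imagePath -like "*$_*" })
}

$findings | Format-List
$services | Select-Object Name, State, StartMode, PathName | Format-List

if ($findings -or $services) {
    Write-Warning 'DAEMON Tools Lite components present: treat host as potentially compromised.'
}
```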
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
Organizations should treat any system that had this software installed as potentially compromised. Immediate removal and thorough investigation are required to prevent further malicious activity within the environment.