Daemon Tools users: It’s time to check your machines for stealthy infections, stat.
Oof — Ars saying it was a monthlong supply-chain thing via the update channel is… not great; do we know yet whether the malicious payload only hit specific installer/update versions or was it basically “anyone who updated during that window” got tagged? I might be wrong here.
“Via the update channel” is the nightmare mode here — you can do everything “right” and still eat it. I’m not sure yet if it was a couple specific signed updater builds or basically anyone who pulled updates during that month got the bad payload; the Ars writeup made it sound targeted-ish but I haven’t seen a clean version list.
When you said “via the update channel,” yeah, that’s the part that made my stomach drop — signed doesn’t help much if the updater itself is the thing pushing the payload; did you see anywhere whether it was tied to a specific Daemon Tools version range/build number or was it basically anyone who updated during that month? Honestly not sure on that bit.