Ukrainian hackers suspected in the Free Download Manager attack

January 3, 2024

Maintainers of the Free Download Manager (FDM) have confirmed a security breach that occurred in 2020. They stated that a Ukrainian hacker group used the compromised site to distribute malicious Linux software. The confirmation follows the maintainers' disclosure of a cybersecurity issue that affected a small subset of users who downloaded FDM for Linux between 2020 and 2022.

The project acknowledged the breach in a recent notification and estimated that fewer than 0.1% of its website visitors could have been exposed to the malware. This small footprint likely explains why the incident went unnoticed for so long.

The compromise of the Free Download Manager website dates back to 2020.

According to reports, a group of malware operators compromised the Free Download Manager (FDM) website in 2020. The compromise allowed the attackers to redirect a subset of Linux users who tried to download the software from the official site to a third-party domain under the attackers' control.

That domain hosted a trojanized Debian package. Installing it launched a DNS-based backdoor and dropped a Bash stealer capable of harvesting sensitive information from the infected system.

FDM's investigation found that a vulnerability in a script on the website let the threat group tamper with the download page, redirecting some visitors to the look-alike domain deb.fdmpkg[.]org.

This domain served the malicious .deb file that unsuspecting visitors downloaded and installed. The vulnerability was unknowingly closed during a routine site update, which is consistent with downloads having been affected only between 2020 and 2022; the maintainers did not notice the compromise until much later.

The FDM maintainers have released a shell script that checks a Linux system for traces of the malware. Note that the script only detects; it does not remove anything.
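As an added example (this is not FDM's published scanner and not the project's code), the following POSIX shell script greps package-manager logs, shell history, apt sources and the dpkg maintainer scripts of an installed package for the one indicator the notice names, the deb.fdmpkg[.]org domain. The package name freedownloadmanager and the log paths are assumptions, and a clean result only means this particular indicator is absent.

```shell
#!/bin/sh
# Added example, not FDM's own scanner: look for traces of the rogue
# deb.fdmpkg[.]org download on a Debian/Ubuntu host. The only indicator it
# uses is the domain named in the article; the package name
# "freedownloadmanager" and the log paths below are assumptions.

IOC_DOMAIN="fdmpkg.org"   # matches deb.fdmpkg.org and any other subdomain

# Print every line of the given files that mentions the rogue domain,
# prefixed with file name and line number. Missing, unreadable or
# non-regular files are skipped. Exit status 0 if at least one hit was
# found, 1 otherwise.
scan_for_fdmpkg_indicators() {
    hits=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        [ -r "$f" ] || continue
        if grep -H -n -i -F -- "$IOC_DOMAIN" "$f"; then
            hits=1
        fi
    done
    [ "$hits" -eq 1 ]
}

# Check the maintainer scripts dpkg kept for an installed package
# (preinst/postinst/prerm/postrm), which is where a trojanized .deb
# would launch its payload. $2 overrides the dpkg info directory
# (default /var/lib/dpkg/info), e.g. for a mounted disk image.
check_maintainer_scripts() {
    pkg=$1
    infodir=${2:-/var/lib/dpkg/info}
    scan_for_fdmpkg_indicators \
        "$infodir/$pkg.preinst" "$infodir/$pkg.postinst" \
        "$infodir/$pkg.prerm" "$infodir/$pkg.postrm"
}

# Usage: sh fdm_ioc_scan.sh scan [extra files to search ...]
if [ "${1:-}" = "scan" ]; then
    shift
    found=0
    scan_for_fdmpkg_indicators \
        "$HOME/.bash_history" /var/log/apt/history.log /var/log/dpkg.log \
        /etc/apt/sources.list /etc/apt/sources.list.d/* "$@" && found=1
    check_maintainer_scripts freedownloadmanager && found=1
    if [ "$found" -eq 1 ]; then
        echo "References to $IOC_DOMAIN found: treat this host as compromised." >&2
        exit 2
    fi
    echo "No references to $IOC_DOMAIN found (this does not prove the host is clean)."
fi
```

Run it as root (`sh fdm_ioc_scan.sh scan`) so the system logs and dpkg metadata are readable; like the official scanner, it only reports and removes nothing, and a hit on a host means the credentials and keys stored there should be treated as exposed.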

Users who find the backdoor or the information stealer on their machines should reinstall the operating system to remove the payloads, and should treat any credentials and keys stored on the host as compromised, since the stealer's purpose is to harvest them. The incident shows how long a threat actor can persist in a system without raising suspicion.

Software vendors should be wary of such campaigns, and users should avoid downloading packages from third-party sources and untrusted websites. Since in this case the official site itself served the redirect, it is also worth checking which domain a download actually came from and verifying the package's signature or checksum before installing it.
