Hackers breached the JDownloader website earlier this week, replacing legitimate installers with malicious versions for Windows and Linux. The compromised Windows installer contained a Python-based remote access trojan.
The attackers used a supply chain attack to distribute the malware, modifying the download links on the JDownloader website to point to the malicious installers. This allowed them to infect users who downloaded the software during the period the site was compromised.
The hackers were able to breach the JDownloader website and replace the legitimate installers with malicious ones. The exact method used to gain access to the site is not clear, but the result was a compromised download process.
The malicious Windows installer was found to deploy a Python-based remote access trojan, giving attackers control over infected systems. Linux users were also affected, with a malicious installer available for download.
The JDownloader team has since restored the legitimate installers, but users who downloaded the software during the period the site was compromised may still be at risk.
Users who downloaded JDownloader during this time should take precautions to secure their systems, including running a virus scan and monitoring their system for suspicious activity.
What should I do if I downloaded JDownloader recently? Users who downloaded the software during the compromised period should run a virus scan and monitor their system for suspicious activity. How can I tell if my system is infected? Users can check for signs of infection, such as unusual system behavior or unfamiliar programs. What is a remote access trojan? A remote access trojan is a type of malware that allows attackers to control an infected system remotely.