Top download manager JDownloader hacked — installers replaced with dangerous malware

Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware‑laden versions between May 6–7, 2026
The poisoned installers deployed a Python‑based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe
AppWork advises verifying digital signatures (“AppWork GmbH”) to avoid tampered builds; the site has since been secured

Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and Linux users.

As explained by owner AppWork, unidentified attackers found a vulnerability in the website’s content management system (CMS), and used it to swap out the download links for a pair of variants:

“Changes were made through the website’s content management system, affecting published pages and links,” AppWork said in its incident report. “The attacker did not gain access to the underlying server stack — in particular no access to the host filesystem or broader operating-system-level control beyond CMS-managed web content.”

Checking the digital signature

Anyone who clicked on the alternative Windows installer download links, or the Linux shell installer link, between May 6 and May 7, 2026, was redirected to a third-party server hosting a malicious version of the software. This version was poisoned to include a loader that deployed a heavily obfuscated Python-built Remote Access Trojan (RAT).

Other downloads, including in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package were not tampered, AppWork confirmed.

malware.

On Reddit, users who downloaded the tainted versions saw the developer being listed as ‘Zipline LLC,’ and ‘The Water Team’. Luckily enough, Windows Defender flagged the program as malicious, protecting the users.

The website was temporarily turned off, allowing the company to plug the hole and clean up the links.

Via BleepingComputer

The best antivirus for all budgets

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

https://cdn.mos.cms.futurecdn.net/DVYr26EgcJb68CRrjxuAW4-2560-80.jpg

Source link

OneOdio Studio Max 2 review: DJ headphones without the wire

Will the World Cup be safe? New report finds huge surge in cyberattacks targeting professional sports organizations

Xiaomi unveiled an EV feature that Tesla promised back in 2014… but it could make charging a lot easier

‘This case presents the Court with an unusual scenario’: Judge kicks lawyers off cases are finding out both were using AI to argue

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

‘Holding Liat,’ ‘Everything You Have Is Yours’ To Stream On Kinema

New York Knicks Funko Pop Joins 2026 NBA Champions Merch and Clothing

The Linda Lindas Sign With Reprise-Warner Records

Jelly Roll, Bunnie XO’s Love Story

China’s industrial output growth quickens in May but retail sales and investment contract

China’s May retail sales fall for first time in over three years

Sensex, Nifty rally 1% as US-Iran peace hopes spark risk-on sentiment

Asia stocks mixed on weak China data; Nikkei, ASX fall ahead c.bank meetings

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays