The maintainers of Free Obtain Supervisor (FDM) have acknowledged a safety incident courting again to 2020 that led to its web site getting used to distribute malicious Linux software program.
“It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” it said in an alert final week. “Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed.”
Lower than 0.1% of its guests are estimated to have encountered the difficulty, including it might have been why the issue went undetected till now.
The disclosure comes as Kaspersky revealed that the venture’s web site was infiltrated in some unspecified time in the future in 2020 to redirect choose Linux customers who tried to obtain the software program to a malicious web site internet hosting a Debian bundle.
The bundle was additional configured to deploy a DNS-based backdoor and in the end serve a Bash stealer malware able to harvesting delicate knowledge from compromised methods.
FDM mentioned its investigation uncovered a vulnerability in a script on its web site that the hackers exploited to tamper with the obtain web page and lead the location guests to the pretend area deb.fdmpkg[.]org internet hosting the malicious .deb file.
“It had an «exception list» of IP addresses from various subnets, including those associated with Bing and Google,” FDM mentioned. “Visitors from these IP addresses were always given the correct download link.”
Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM
Keep forward with actionable insights on how ITDR identifies and mitigates threats. Be taught in regards to the indispensable position of SSPM in making certain your identification stays unbreachable.
“Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022,” it additional famous.
FDM has additionally launched a shell script for customers to verify for the presence of malware of their methods. It may be downloaded from here.
Nevertheless it’s price declaring that the scanner script doesn’t take away the malware. Customers who discover the backdoor and the knowledge stealer of their machines are required to reinstall the system.
Creator: information@thehackernews.com (The Hacker Information)
Date: 2023-09-21 09:48:00
