Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Assault

Sep 21, 2023THNProvide Chain / Malware

The maintainers of Free Obtain Supervisor (FDM) have acknowledged a safety incident courting again to 2020 that led to its web site getting used to distribute malicious Linux software program.

“It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” it said in an alert final week. “Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed.”

Lower than 0.1% of its guests are estimated to have encountered the difficulty, including it might have been why the issue went undetected till now.


The disclosure comes as Kaspersky revealed that the venture’s web site was infiltrated in some unspecified time in the future in 2020 to redirect choose Linux customers who tried to obtain the software program to a malicious web site internet hosting a Debian bundle.

The bundle was additional configured to deploy a DNS-based backdoor and in the end serve a Bash stealer malware able to harvesting delicate knowledge from compromised methods.

FDM mentioned its investigation uncovered a vulnerability in a script on its web site that the hackers exploited to tamper with the obtain web page and lead the location guests to the pretend area deb.fdmpkg[.]org internet hosting the malicious .deb file.

“It had an «exception list» of IP addresses from various subnets, including those associated with Bing and Google,” FDM mentioned. “Visitors from these IP addresses were always given the correct download link.”


Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM

Keep forward with actionable insights on how ITDR identifies and mitigates threats. Be taught in regards to the indispensable position of SSPM in making certain your identification stays unbreachable.

Supercharge Your Skills

“Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022,” it additional famous.

FDM has additionally launched a shell script for customers to verify for the presence of malware of their methods. It may be downloaded from here.

Nevertheless it’s price declaring that the scanner script doesn’t take away the malware. Customers who discover the backdoor and the knowledge stealer of their machines are required to reinstall the system.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.

Creator: (The Hacker Information)
Date: 2023-09-21 09:48:00

Source link



Related articles

Alina A, Toronto
Alina A, Toronto
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here