JDownloader distributed malware downloads
In early May, the JDownloader website delivered malware. This is reminiscent of the Daemon Tools incident, whose operators have since responded.
The website of the quite popular download tool JDownloader was compromised. As a result, it delivered fake installation packages that were infected with malware. The operators have since cleaned up the website. A similar incident also occurred with Daemon Tools; its owners have responded as well and are now providing clean installers.
The JDownloader team has published a security notice regarding the incident. They write that attackers manipulated the installer download links so that they pointed to malicious files – according to reports, it was a Python-based Remote Access Trojan (RAT). The affected download links were under “Download Alternative Installer” and the Linux shell installer link. The installation files themselves hosted on the JDownloader website were not altered; rather, the targets of the links were redirected to external servers. In-app updates were not affected.
Upon becoming aware of the incident, the operators took the website offline, closed the security vulnerability, and reset the links to the correct files. Accordingly, the downloads from May 6th and 7th were compromised; since May 9th, the website has been back online with clean downloads. However, the JDownloader team does not specify the exact vulnerability. They only explain that the changes to the links and pages were made in the CMS, but that the attackers did not gain access to the server system, and in particular not to the file system. The security notice lists information about the compromised files in the form of filenames, file sizes, and SHA256 hashes, which interested parties can use to check whether their download is infected with malware.
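One way to run that check over a download folder, as an added example (not code from the JDownloader notice or from this article): it matches on SHA256 rather than on filename, so a renamed copy is still found, and uses file size only as a cheap pre-filter. The `KNOWN_BAD` entry is a constructed placeholder, and `scan` and `sha256_file` are hypothetical names; the real filename, size and hash values must be copied from the security notice.

```python
import hashlib
import sys
from pathlib import Path

# Placeholder indicator (constructed, matches nothing). Replace with the
# filename / size / SHA256 triples published in the JDownloader security notice.
KNOWN_BAD = [
    {"name": "EXAMPLE-installer.sh", "size": 0, "sha256": "0" * 64},
]

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(directory, known_bad=KNOWN_BAD):
    """Return (path, verdict) pairs for files related to a listed indicator.

    "infected"  : SHA256 equals a listed hash (filename is irrelevant).
    "name-only" : filename is listed but the content differs, e.g. a clean
                  installer fetched outside the compromised window.
    """
    hashes = {e["sha256"].lower() for e in known_bad}
    sizes = {e["size"] for e in known_bad}
    names = {e["name"].lower() for e in known_bad}
    findings = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        name_hit = path.name.lower() in names
        # Only hash candidates: same size (possibly renamed) or same name.
        if not (name_hit or path.stat().st_size in sizes):
            continue
        if sha256_file(path) in hashes:
            findings.append((str(path), "infected"))
        elif name_hit:
            findings.append((str(path), "name-only"))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for found, verdict in scan(target):
        print(f"{verdict:10} {found}")
```

A "name-only" result means the file shares a listed name but not a listed hash, so it is not one of the files the notice describes.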
Daemon Tools: Clean downloads available
Last week it became known that the Daemon Tools website also distributed malware downloads. Initially, the situation remained unchanged, but the operators have now reacted there as well and, after cleaning up the website, released an uninfected download of Daemon Tools Lite 12.6. According to a statement from the operators, investigations to determine the cause and full extent of the incident are ongoing.
(dmk)