
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years.

Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has a deb.fdmpkg[.]org subdomain.

Visiting the subdomain in a browser, the researchers found a page claiming that the domain hosts a Linux Debian repository for software named ‘Free Download Manager’.

“This package turned out to contain an infected postinst script that is executed upon installation. This script drops two ELF files to the paths /var/tmp/crond and /var/tmp/bs. It then establishes persistence by creating a cron task (stored in the file /etc/cron.d/collect) that launches the /var/tmp/crond file every 10 minutes,” Kaspersky reported.
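As an added defensive check (not from Kaspersky's report or this article), the following Python script audits /etc/cron.d entries for the persistence pattern described above: jobs whose executable lives in a world-writable scratch directory such as /var/tmp, or that match the artifact paths named in the report. The sample cron.d content is constructed; `scan_cron_d()` reads the live directory when run on a host.

```python
import re
from pathlib import Path

# Artifact paths named in Kaspersky's report (quoted in the text above).
KNOWN_DROP_PATHS = {"/var/tmp/crond", "/var/tmp/bs"}
# Executables launched from world-writable scratch directories are a red flag.
SUSPICIOUS_PREFIXES = ("/var/tmp/", "/tmp/", "/dev/shm/")
# /etc/cron.d job line: <five schedule fields | @keyword> <user> <command>
CRON_D_LINE = re.compile(r"^(?P<sched>@\w+|(?:\S+\s+){5})\s*(?P<user>\S+)\s+(?P<cmd>.+)$")

def parse_cron_d(text):
    """Return (schedule, user, command) tuples from cron.d-style content."""
    jobs = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or "=" in stripped.split()[0]:
            continue  # blank line, comment, or VAR=value assignment
        m = CRON_D_LINE.match(stripped)
        if m:
            jobs.append((m.group("sched").strip(), m.group("user"), m.group("cmd").strip()))
    return jobs

def audit_cron_jobs(jobs, cron_filename):
    """Return a finding dict for each job whose executable looks suspicious."""
    findings = []
    for sched, user, cmd in jobs:
        exe = cmd.split()[0]
        reasons = []
        if exe.startswith(SUSPICIOUS_PREFIXES):
            reasons.append("executable lives in a world-writable scratch directory")
        if exe in KNOWN_DROP_PATHS:
            reasons.append("matches a dropper path from the report")
        if reasons:
            findings.append({"file": cron_filename, "schedule": sched, "user": user,
                             "exe": exe, "reasons": reasons})
    return findings

def scan_cron_d(directory="/etc/cron.d"):
    """Audit every file in a cron.d directory (default: the live system's)."""
    findings = []
    for path in sorted(Path(directory).glob("*")):
        if path.is_file():
            jobs = parse_cron_d(path.read_text(errors="replace"))
            findings.extend(audit_cron_jobs(jobs, path.name))
    return findings

# Constructed sample mirroring the persistence entry described in the report.
SAMPLE_COLLECT = "*/10 * * * * root /var/tmp/crond\n"
```

A hit on a scratch-directory executable is worth following up with a check of whether the dropped files still exist and what they connect to, rather than simply deleting the cron entry.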

The “Free Download Manager” version installed by the malicious package was released on January 24, 2020. In the postinst script, the experts found comments in Russian and Ukrainian, including notes about improvements made to the malware.