Discover Hacks/Cracks News
Free Download Manager Backdoored to Serve Linux Malware for +3 Years
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years.
Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has a deb.fdmpkg[.]org subdomain.
Visiting the subdomain with the browser, the researchers noticed a page claiming that the domain is hosting a Linux Debian repository of software named ‘Free Download Manager’.
This package turned out to contain an infected postinst script that is executed upon installation. This script drops two ELF files to the paths /var/tmp/crond and /var/tmp/bs. It then establishes persistence by creating a cron task (stored in the file /etc/cron.d/collect) that launches the /var/tmp/crond file every 10 minutes.” reported Kasperksy.
The “Free Download Manager” version installed by the malicious package was released on January 24, 2020. The experts found comments in Russian and Ukrainian, including information about improvements made to the malware, in the postinst script.