The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software.
“It seems that a certain web page on our internet site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” it said in an alert last week. “Only a modest subset of people, exclusively those who attempted to obtain FDM for Linux between 2020 and 2022, have probably been exposed.”
Less than 0.1% of its visitors are estimated to have encountered the issue, it said, adding that this may be why the problem went undetected until now.
The disclosure comes as Kaspersky revealed that the project’s website was infiltrated at some point in 2020 to redirect select Linux users who attempted to download the software to a malicious site hosting a Debian package.
The package was further configured to deploy a DNS-based backdoor and ultimately serve a Bash stealer malware capable of harvesting sensitive data from compromised systems.
FDM said its investigation uncovered a vulnerability in a script on its website that the hackers exploited to tamper with the download page and lead site visitors to the fake domain deb.fdmpkg[.]org hosting the malicious .deb file.
“It had an «exception list» of IP addresses from many subnets, including those linked with Bing and Google,” FDM stated. “Website visitors from these IP addresses were usually given the accurate download URL.”
“Intriguingly, this vulnerability was unknowingly solved during a routine internet site update in 2022,” it further noted.
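Because the tampered page showed the correct link to addresses on its exception list, a check from a single vantage point would not have seen the problem. The following added example (not FDM's or Kaspersky's code) compares the package links in snapshots of a download page taken from different networks and flags links to hosts outside an allow-list; the page URL, host names, vantage names and HTML are constructed placeholders, and it assumes the redirect appears as a link in the page HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "https://www.example.org/download.htm"         # constructed placeholder
ALLOWED_HOSTS = {"www.example.org", "files.example.org"}  # assumption: real download hosts

class LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def package_links(html, page_url=PAGE_URL, suffix=".deb"):
    """Absolute URLs of the package links found in one snapshot."""
    collector = LinkCollector()
    collector.feed(html)
    absolute = (urljoin(page_url, h) for h in collector.hrefs)
    return {u for u in absolute if urlparse(u).path.lower().endswith(suffix)}

def audit(snapshots, allowed_hosts=ALLOWED_HOSTS):
    """snapshots maps vantage name -> HTML. Returns a list of findings."""
    seen = {name: package_links(html) for name, html in snapshots.items()}
    findings = []
    for name, links in seen.items():
        for url in sorted(links):
            if (urlparse(url).hostname or "").lower() not in allowed_hosts:
                findings.append(("unexpected-host", name, url))
    # Different vantage points must be offered the same set of package links.
    if len({frozenset(links) for links in seen.values()}) > 1:
        findings.append(("vantage-mismatch", ", ".join(sorted(seen)), ""))
    return findings

# Constructed snapshots: same page, fetched from two kinds of network.
SNAPSHOTS = {
    "crawler-range": '<a href="/files/app_amd64.deb">Linux (Debian)</a>',
    "residential": '<a href="http://deb.lookalike.example/app_amd64.deb">Linux (Debian)</a>',
}

if __name__ == "__main__":
    for finding in audit(SNAPSHOTS):
        print(finding)
```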
FDM has also released a shell script for users to check for the presence of malware in their systems. It can be downloaded from here.
It is worth pointing out, however, that the scanner script does not remove the malware. Users who find the backdoor and the information stealer on their devices are expected to reinstall the system.
Some parts of this article are sourced from:
thehackernews.com