The official JDownloader website was compromised to serve malicious Windows and Linux installers, and the Windows payload installed a Python-based remote access trojan. Only users who downloaded installers through the affected alternative installer links between May 6 and May 7, 2026 were at risk, and the developers advised reinstalling systems and resetting passwords if the malware was executed. #JDownloader #AppWorkGmbH #ThomasKlemenc #ZiplineLLC #TheWaterTeam
Key points
- The JDownloader website was compromised through an unpatched vulnerability in its content management system.
- Attackers altered download links to deliver malicious Windows and Linux installers.
- The Windows payload acted as a loader for a heavily obfuscated Python-based RAT.
- The Linux installer downloaded additional binaries, established persistence, and ran malware as root.
- Users who ran the affected installers were advised to reinstall their operating systems and change passwords.