For more than three years, users have been exposed to malware via the compromised Free Download Manager website

As part of a supply chain attack, the Free Download Manager website served malware to Linux users that stealthily gathered passwords and other private data for more than three years.

The attack involved installing a Bash stealer on the compromised system and opening a reverse shell to a server under the actor's control. The campaign ran between 2020 and 2022 and is now over.

Researchers Georgy Kucherin and Leonid Bezvershenko of Kaspersky stated, “This stealer gathers data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure).”

The website, freedownloadmanager[.]org, purports to provide a genuine Linux program named “Free Download Manager,” but as of January 2020 it began redirecting users who attempted to download it to a different domain, deb.fdmpkg[.]org, which served a booby-trapped Debian package.
