DEV Community

Mark0

JDownloader site hacked to replace installers with Python RAT malware

The official JDownloader website was recently compromised in a supply chain attack, resulting in the distribution of malicious Windows and Linux installers between May 6 and May 7, 2026. Attackers exploited an unpatched vulnerability in the site's content management system (CMS) to modify download links, redirecting users to third-party payloads. The breach specifically targeted the Windows 'Alternative Installer' and the Linux shell installer links, while other distribution methods like macOS packages and Flatpaks remained unaffected.

Technical analysis revealed that the malicious Windows payload deploys an obfuscated Python-based remote access trojan (RAT) capable of executing modular code from command and control servers. On Linux, the installer was found to inject malicious code that downloads ELF binaries and establishes persistence by masquerading as system services. Given the level of access granted to the malware, researchers recommend that affected users perform a full operating system reinstallation and reset all credentials.

