This free download manager site actually just redirected Linux users to malware for years

Malware Magnifying Glass
Image Credit: Shutterstock (Image credit: Andriano.cz / Shutterstock)

UPDATE: Free Download Manager has provided TechRadar Pro with a response, which we have pasted at the bottom of the article.

An infostealing malware campaign has been underway for at least three years, going completely unnoticed, Russian cybersecurity firm Kaspersky has revealed.

The finding came after the company decided to take a closer look at the growing number of Linux-based attacks, which “can operate for years without being noticed by the cybersecurity community.”

This example in particular focuses on what appears to be a free download manager destined for use on Debian machines, which has been available in its malicious form since January 2020.

Debian download manager malware

Affected versions of the downloadable software contain an infected postinst script that is executed upon installation, which the analysts say contains comments in both Russian and Ukrainian.

Having downloaded and installed an infected version of the software for further investigation, Kaspersky’s workers reveal that a Bash stealer is deployed to collect information such as system information, browsing history, saved passwords, cryptocurrency wallet files, and credentials for cloud services - specifically, AWS, Google Cloud, Oracle Cloud Infrastructure, Azure.

Fortunately, the researchers also revealed how the malicious version of the software had been distributed. They confirmed that the official website and its content had not been compromised, and actually, the infostealing version had been posted to online communities like Reddit and StackOverflow over a period of around two years.

According to Kaspersky, the threat actor targeted Linux machines specifically because they are much less frequently analyzed compared with Windows and macOS devices, simply due to popularity reasons. 

Still, there are some very easy steps that users can take to protect themselves online. Most importantly, users should only download from legitimate sources and check things like domains and email addresses against what has been verified as legitimate. Doing so would have saved victims from this case of malware.

The genuine makers of Free Download Manager have since been notified by Kaspersky, and in a statement to TechRadar Pro, Free Download Manager said, "all links on the FDM website are secure and functional".

The company's full response is as follows:

Dear community,

We wish to address a significant security concern that has recently come to our attention. Upholding your trust is paramount to us, and in our dedication to transparency, we aim to provide a clear and direct account of the situation.

What Happened: Today, informed by the findings from Kaspersky Lab, we became aware of a past security incident from 2020. It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software. Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed. It’s estimated that much less than 0.1% of our visitors might have encountered this issue. This limited scope is probably why the issue remained undetected until now. Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022.

Our Immediate Actions: Upon this discovery, we initiated a thorough investigation. We’re reinforcing our defenses and implementing additional measures to prevent such vulnerabilities in the future.

Recommendations for Users: If you were among the subset of users who tried to download FDM for Linux from our compromised page during the mentioned time frame, we strongly recommend conducting a malware scan on your system and updating your passwords as a precautionary measure.
Communication Issues: We also discovered an issue with one of our contact forms which might have impeded prompt communication, presumably it was the form used by Kaspersky Lab representatives to reach out to us. If you attempted to reach out regarding this or any related issue without receiving feedback, please contact us again at 
support@freedownloadmanager.org.

We sincerely apologize for any inconvenience or concern this might cause. Ensuring your digital safety remains at the forefront of our efforts, and we are unwavering in our commitment to safeguard your trust.

We encourage everyone to get more insights on the Official FDM Website: 
https://www.freedownloadmanager.org/blog/?p=664

Thank you for your patience and understanding. We will keep you updated as we learn more.
Best regards, Free Download Manager team

The company has also developed a bash script that allows users to check for malware on their systems - the script and instructions are now available on its official website: https://www.freedownloadmanager.org/blog/?p=664

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

TOPICS