Top download manager JDownloader hacked — installers replaced with dangerous malware

News
By published

Experts warn over danegrs installing JDownloader

Hacker with malware code in computer screen. Cybersecurity, privacy or cyber attack. Programmer or fraud criminal writing virus software. Online firewall and privacy crime. Web data engineer
(Image credit: Shutterstock)
  • Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware‑laden versions between May 6–7, 2026
  • The poisoned installers deployed a Python‑based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe
  • AppWork advises verifying digital signatures (“AppWork GmbH”) to avoid tampered builds; the site has since been secured

Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and Linux users.

As explained by owner AppWork, unidentified attackers found a vulnerability in the website’s content management system (CMS), and used it to swap out the download links for a pair of variants:

"Changes were made through the website's content management system, affecting published pages and links," AppWork said in its incident report. "The attacker did not gain access to the underlying server stack — in particular no access to the host filesystem or broader operating-system-level control beyond CMS-managed web content."

Latest Videos From

Checking the digital signature

Anyone who clicked on the alternative Windows installer download links, or the Linux shell installer link, between May 6 and May 7, 2026, was redirected to a third-party server hosting a malicious version of the software. This version was poisoned to include a loader that deployed a heavily obfuscated Python-built Remote Access Trojan (RAT).

Other downloads, including in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package were not tampered, AppWork confirmed.

It also said the best way to make sure you’re using the right installer is to double-check its digital signature. That can be done by right-clicking on the executable, navigating to Properties, and then the Digital Signatures tab. The program needs to show it was signed by “AppWork GmbH”, otherwise it’s definitely malware.

On Reddit, users who downloaded the tainted versions saw the developer being listed as 'Zipline LLC,' and 'The Water Team'. Luckily enough, Windows Defender flagged the program as malicious, protecting the users.

The website was temporarily turned off, allowing the company to plug the hole and clean up the links.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.