Ukrainian Hacker Group Used Free Download Manager to Spread Malware

The recently discovered malware can gather system data, browsing history, passwords, and cloud service credentials.


The maintainers of Free Download Manager (FDM) have disclosed a security incident dating back to 2020, in which a Ukrainian hacker group compromised a specific web page on their site to distribute malicious software. The breach primarily affected users attempting to download FDM for Linux between 2020 and 2022; fewer than 0.1% of visitors are estimated to have encountered the issue. The vulnerability exploited by the hackers was inadvertently resolved during a routine site update in 2022.

Malicious Software Distribution

The hackers manipulated the download page, redirecting select Linux users to a fake domain hosting a malicious Debian package. This package was designed to deploy a DNS-based backdoor and a Bash stealer, capable of harvesting sensitive data from compromised systems. The malware could collect a variety of information, including system data, browsing history, saved passwords, and credentials for various cloud services. The FDM team has since released a shell script that lets users check their systems for the presence of the malware, emphasizing that the script only detects it and does not remove it; if the malware is found, the system must be reinstalled.

User Impact and Response

The compromised page contained an algorithm that decided whether to give a visitor the correct download link or one leading to the malicious file. An “exception list” included IP addresses associated with Bing and , ensuring that visitors from those addresses always received the correct link. The FDM team has apologized for the inconvenience and is reinforcing its defenses to prevent future vulnerabilities. They recommend that affected users run malware scans and change their passwords. Communication issues were also discovered that may have delayed prompt contact with entities such as Kaspersky Lab, which brought the incident to light.

Ongoing Investigations and Precautions

The FDM team continues to investigate the breach, accessing project backups and analyzing both the modified page and the malicious file introduced by the hackers. The incident highlights the difficulty of detecting malware on Linux machines and underscores the importance of equipping both desktop and server Linux systems with reliable security solutions. The FDM team remains committed to users' digital safety and will keep the community updated on further developments.