They detected a backdoor in the Free Download Manager deb package


The recent compromise of information has alarmed users

A few days ago, Kaspersky Lab researchers announced that they had detected a backdoor in the deb package of Free Download Manager (FDM), which was distributed through the deb.fdmpkg.org repository linked from the project's official website.

The malicious package was reportedly placed on the site's download page, which had been compromised by a group of Ukrainian hackers who used it to distribute the malware; users who downloaded the deb package between 2020 and 2022 were potentially exposed.

As for the malicious package itself: a version of FDM containing a malicious insertion was released in January 2020 and was distributed through the project's official website (freedownloadmanager.org) at least until the site was updated in 2022.

The malicious code reportedly exfiltrated confidential information and credentials and was invoked through a handler run by the package manager in the post-installation stage (the deb package's post-install script). This is based on preliminary data: in 2020 the project website was hacked and the attackers modified the download page so that its download link pointed at the malicious package.

In 2022 the compromise was unknowingly removed by a site update. The FDM developers believe the issue went unnoticed for so long because it affected far less than 0.1% of site visitors: the link to the malicious package was presumably not served to everyone, but only selectively, depending on browser parameters or location, or at random (copies of the download page from 2020 and 2021 saved by archive.org contain the legitimate link).

As for how it operated: once installed, the malicious code embedded in the deb package downloaded several executable files from external hosts and then added a crontab entry that ran one of the downloaded files every 10 minutes.

Once active, the malicious code collected information about the system, browser history, cryptocurrency wallet files, and credentials for connecting to the AWS, Google Cloud, Oracle Cloud Infrastructure and Azure cloud services.

The malicious code was discovered while investigating an attack that involved suspicious hosts under *.u.fdmpkg.org. Examination of the fdmpkg.org domain revealed the subdomain deb.fdmpkg.org, which serves as a deb package repository and hosts a malicious package containing an old version of Free Download Manager.
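A defensive triage check for the behaviour described above, written here as an added example (it is not code from the article, from Kaspersky Lab, or from the FDM project). It scans apt source lists for the fdmpkg.org repository, flags frequently scheduled cron jobs that run code from outside the usual system directories (the article describes a job calling a downloaded file every 10 minutes), and picks out the FDM maintainer scripts so the post-install handler can be read. The sample inputs are constructed; the package name prefix `freedownloadmanager`, the set of trusted path prefixes and the 15-minute threshold are assumptions to adjust for your own system.

```python
"""Triage helpers for the FDM deb compromise. Added example, not the article's
or the FDM project's code. Each check works on text handed to it, so the
constructed samples below run offline; only the fdmpkg.org domain names come
from the article."""
import glob
import os
import re
import shlex
import subprocess

# Domain family named in the article (deb.fdmpkg.org, *.u.fdmpkg.org).
SUSPECT_DOMAINS = ("fdmpkg.org",)
# Assumption: adjust to what `dpkg -l | grep -i download` shows on your system.
FDM_PACKAGE_PREFIX = "freedownloadmanager"
# Assumption: a job set up by a legitimate package runs code from these prefixes.
TRUSTED_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/lib/", "/usr/libexec/", "/etc/cron")
CRON_RE = re.compile(r"^\s*(\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(.+)$")


def find_suspect_repos(apt_sources: str) -> list[str]:
    """Return active (non-comment) apt source lines referencing a suspect domain."""
    hits = []
    for line in apt_sources.splitlines():
        s = line.strip()
        if s and not s.startswith("#") and any(d in s.lower() for d in SUSPECT_DOMAINS):
            hits.append(s)
    return hits


def runs_at_least_every(minute_field: str, max_minutes: int = 15) -> bool:
    """True if a cron minute field fires at least once per max_minutes."""
    if minute_field == "*":
        return True
    m = re.fullmatch(r"\*/(\d+)", minute_field)
    if m:
        return int(m.group(1)) <= max_minutes
    if re.fullmatch(r"\d+(,\d+)*", minute_field):
        return len(minute_field.split(",")) >= 60 // max_minutes
    return False


def find_suspect_cron_jobs(crontab_text: str, system_format: bool = False) -> list[str]:
    """Flag frequent jobs whose command touches a path outside TRUSTED_PREFIXES.
    system_format=True skips the extra user column used in /etc/crontab and /etc/cron.d."""
    findings = []
    for line in crontab_text.splitlines():
        if re.match(r"^\s*(#|@|\w+=)", line):  # comments, @reboot-style, env lines
            continue
        m = CRON_RE.match(line)
        if not m:
            continue
        minute, command = m.group(1), m.group(2)
        if system_format:
            command = command.split(None, 1)[1] if " " in command.strip() else ""
        if not runs_at_least_every(minute):
            continue
        try:
            tokens = shlex.split(command)
        except ValueError:
            tokens = command.split()
        # Check every absolute path, so "/bin/sh /home/x/y.sh" is caught via its argument.
        paths = [t for t in tokens if t.startswith("/")]
        if any(not p.startswith(TRUSTED_PREFIXES) for p in paths):
            findings.append(line.strip())
    return findings


def fdm_maintainer_scripts(dpkg_info_names) -> list[str]:
    """From a listing of /var/lib/dpkg/info, return the FDM maintainer scripts
    (the post-install handler the article mentions is the .postinst file)."""
    return sorted(n for n in dpkg_info_names
                  if n.startswith(FDM_PACKAGE_PREFIX)
                  and n.rsplit(".", 1)[-1] in ("preinst", "postinst", "prerm", "postrm"))


def _read(path: str) -> str:
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def triage_live_system() -> dict:
    """Run all three checks against the local Debian/Ubuntu machine."""
    sources = "\n".join(_read(p) for p in ["/etc/apt/sources.list"] + glob.glob("/etc/apt/sources.list.d/*"))
    try:
        user_cron = subprocess.run(["crontab", "-l"], capture_output=True, text=True).stdout
    except OSError:
        user_cron = ""
    cron_hits = find_suspect_cron_jobs(user_cron)
    for p in ["/etc/crontab"] + glob.glob("/etc/cron.d/*"):
        cron_hits += find_suspect_cron_jobs(_read(p), system_format=True)
    try:
        info_names = os.listdir("/var/lib/dpkg/info")
    except OSError:
        info_names = []
    return {"repos": find_suspect_repos(sources), "cron": cron_hits,
            "maintainer_scripts": fdm_maintainer_scripts(info_names)}


# Constructed sample inputs for an offline run; the paths are illustrative only.
SAMPLE_SOURCES = """\
deb http://deb.debian.org/debian bookworm main
# deb https://deb.fdmpkg.org/ focal main   (commented out, so ignored)
deb https://deb.fdmpkg.org/ focal main
"""
SAMPLE_CRONTAB = """\
MAILTO=root
@reboot /usr/bin/keychain
0 3 * * * /usr/bin/apt-get update
*/10 * * * * /var/tmp/.cache/update
*/10 * * * * /bin/sh /home/user/.local/share/updater.sh
"""

if __name__ == "__main__":
    print("sample repos:", find_suspect_repos(SAMPLE_SOURCES))
    print("sample cron:", find_suspect_cron_jobs(SAMPLE_CRONTAB))
    print("live system:", triage_live_system())
```

A hit from any of the three checks is a reason to read the flagged cron command and the package's postinst script, not proof of infection by itself; the cron heuristic deliberately errs on the side of flagging, and legitimate user jobs under a home directory will show up too.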

After searching open sources for mentions of deb.fdmpkg.org, the researchers found several discussions on StackOverflow and Reddit about problems caused by the infected version of Free Download Manager. The connection to the official website was discovered through a YouTube video with installation instructions for Free Download Manager, which showed the package being downloaded from that repository after clicking the “Download” link on the official project page.

In response, the Free Download Manager developers said they had started an investigation and were taking measures to strengthen the protection of their infrastructure in order to prevent similar incidents in the future.

Dear community,

We wish to address an important security concern that has recently come to our attention. Maintaining your trust is paramount to us, and in our dedication to transparency, we aim to provide a clear and direct explanation of the situation…

Recommendations for Users: If you were among the subset of users who attempted to download FDM for Linux from our compromised page during the mentioned period, we strongly recommend running a malware scan on your system and updating your passwords as a precaution.

Communication Issues: We also discovered an issue with one of our contact forms that may have prevented quick communication; presumably it was the form used by Kaspersky Lab representatives to communicate with us. If you have attempted to contact us regarding this or any related issue without feedback, please contact us again at support@freedownloadmanager.org.

We sincerely apologize for any inconvenience or concern this may cause. Ensuring your digital security remains a priority in our efforts and we are unwavering in our commitment to safeguarding your trust.

In addition, they recommend that users who installed Linux versions of FDM between 2020 and 2022 scan their systems for malware and change the passwords they use.

Finally, if you are interested in learning more, you can check the details at the following link.
