Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.
posted by hubie on Saturday September 16 2023, @09:17PM   Printer-friendly
from the wget-is-safer dept.

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years:

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.

The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.

"This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," Kaspersky researchers Georgy Kucherin and Leonid Bezvershenko said.

The website in question is freedownloadmanager[.]org, which, according to the Russian cybersecurity firm, offers a legitimate Linux software called "Free Download Manager," but starting in January 2020, began redirecting some users who attempted to download it to another domain deb.fdmpkg[.]org that served a booby-trapped Debian package.

It's suspected that the malware authors engineered the attack based on certain predefined filtering criteria (say, a digital fingerprint of the system) to selectively lead potential victims to the malicious version. The rogue redirects ended in 2022 for inexplicable reasons.

[...] It's not immediately clear how the compromise actually took place and what the end goals of the campaign were. What's evident is that not everyone who downloaded the software received the rogue package, enabling it to evade detection for years.

"While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye," the researchers said.

"Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions."

[EDITOR'S NOTE: We have been informed by the Free Download Manager Team that all their sites are now secure. This does not in any way affect the content of this story which covers a 3 year period beginning in 2020. JR, 18092023-06:32UTC]


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 1, Insightful) by Anonymous Coward on Sunday September 17 2023, @12:27AM

    by Anonymous Coward on Sunday September 17 2023, @12:27AM (#1324987)

    It's time to face facts. Our fantastically rich and powerful oligarchs didn't get where they are by exercising compassion and responsibility toward their fellow human beings; they got there by doing the exact opposite.

  • (Score: 0) by Anonymous Coward on Sunday September 17 2023, @05:07PM (5 children)

    by Anonymous Coward on Sunday September 17 2023, @05:07PM (#1325071)
    It's time to face the facts. This shows that when Linux users do the same things that Windows users do, they can get pwned just the same.

    And if you're saying Linux users should just stick to software from their walled garden, you should be using Apple stuff instead.
    • (Score: 0) by Anonymous Coward on Monday September 18 2023, @12:31AM (3 children)

      by Anonymous Coward on Monday September 18 2023, @12:31AM (#1325107)

      Look over in the submission queue, there's a new story submitted by "Free Download Manager" or related--attempting to update this front page item.

      • (Score: 2) by janrinok on Monday September 18 2023, @08:26AM (2 children)

        by janrinok (52) Subscriber Badge on Monday September 18 2023, @08:26AM (#1325142) Journal

        Updated - thank you.

        --
        I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
        • (Score: 0) by Anonymous Coward on Monday September 18 2023, @03:33PM (1 child)

          by Anonymous Coward on Monday September 18 2023, @03:33PM (#1325192)

          Fast work (updating TFA)!

          Personally, I wouldn't trust that update any further than I could throw it...unless there was some way to verify who sent it?

          • (Score: 3, Informative) by janrinok on Monday September 18 2023, @03:41PM

            by janrinok (52) Subscriber Badge on Monday September 18 2023, @03:41PM (#1325193) Journal

            No, I wouldn't trust it much either, which is why I did not change the content. I merely acknowledged their comment.

            --
            I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    • (Score: 2) by Freeman on Monday September 18 2023, @01:46PM

      by Freeman (732) on Monday September 18 2023, @01:46PM (#1325175) Journal

      The difference being is that the likes of Microsoft would be covering up their involvement and waiting as long as possible to notify anyone about any issues.

      See, for reference: https://arstechnica.com/security/2023/08/microsoft-cloud-security-blasted-for-its-culture-of-toxic-obfuscation/ [arstechnica.com]

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 0, Spam) by FDM Team on Wednesday September 20 2023, @04:17PM

    by FDM Team (35745) on Wednesday September 20 2023, @04:17PM (#1325409)

    Dear Community,

    Here is the second update regarding the issue: We have prepared a bash script that you can use to check the presence of the malware in your system.
    Please review our instructions on our official page: https://www.freedownloadmanager.org/blog/?p=664 [freedownloadmanager.org]

    We once again sincerely apologize for any inconvenience that might have been caused.

(1)