Top download manager JDownloader hacked, installers replaced with dangerous malware
Date:
Mon, 11 May 2026 13:05:00 +0000
Description:
Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.
FULL STORY ======================================================================
- Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware-laden versions between May 6-7, 2026
- The poisoned installers deployed a Python-based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe
- AppWork advises verifying digital signatures (AppWork GmbH) to avoid tampered builds; the site has since been secured

Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and Linux users.
As explained by owner AppWork, unidentified attackers found a vulnerability in the website's content management system (CMS), and used it to swap out the download links for a pair of variants:

"Changes were made through the website's content management system, affecting published pages and links," AppWork said in its incident report. "The attacker did not gain access to the underlying server stack, in particular no access to the host filesystem or broader operating-system-level control beyond CMS-managed web content."
Checking the digital signature

Anyone who clicked on the alternative Windows installer download links, or the Linux shell installer link, between May 6 and May 7, 2026, was redirected to a third-party server hosting a malicious version of the software. This version was poisoned to include a loader that deployed a heavily obfuscated Python-built Remote Access Trojan (RAT).
Other downloads, including in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package were not tampered with, AppWork confirmed.
It also said the best way to make sure you're using the right installer is to double-check its digital signature. That can be done by right-clicking on the executable, navigating to Properties, and then the Digital Signatures tab.
The program needs to show it was signed by AppWork GmbH, otherwise it's definitely malware.
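The same check can be scripted in PowerShell for several files at once. This is an added example, not part of the original article or AppWork's guidance; the download folder and the installer file-name pattern are assumptions to adjust.

```powershell
# Added example: audit downloaded installers against the signer named in the article.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads",   # assumed download location
    [string]$Filter = 'JDownloader*.exe'              # assumed installer file-name pattern
)

$ExpectedSigner = 'AppWork GmbH'                       # signer the article says must appear
$ReportedBad    = @('Zipline LLC', 'The Water Team')   # names Reddit users saw, per the article

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # SimpleName is the value the Digital Signatures tab lists as "Name of signer".
    $name = if ($cert) {
        $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    } else { '' }

    # A matching name is only trusted when Windows also reports the signature as Valid
    # (file hash matches and the certificate chain is trusted).
    $verdict = if ($sig.Status -eq 'NotSigned') { 'UNSIGNED' }
        elseif ($ReportedBad -contains $name)   { 'MATCHES REPORTED MALICIOUS SIGNER' }
        elseif ($sig.Status -ne 'Valid')        { "INVALID SIGNATURE ($($sig.Status))" }
        elseif ($name -ne $ExpectedSigner)      { 'UNEXPECTED SIGNER' }
        else                                    { 'OK' }

    [pscustomobject]@{
        File    = Split-Path $Path -Leaf
        Signer  = $name
        Status  = $sig.Status
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash  # for incident reports
        Verdict = $verdict
    }
}

Get-ChildItem -Path $Folder -Filter $Filter -File |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName } |
    Format-Table -AutoSize
```

Any verdict other than OK means the file should not be run.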
On Reddit, users who downloaded the tainted versions saw the developer being listed as 'Zipline LLC,' and 'The Water Team'. Luckily enough, Windows Defender flagged the program as malicious, protecting the users.
The website was temporarily turned off, allowing the company to plug the hole and clean up the links.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-download-manager-jdownloader-hacked-installers-replaced-with-dangerous-malware
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)