Kaspersky researchers reported that Free Download Manager directs users to a malicious Debian package repository.
The malware being distributed establishes a reverse shell to a C2 server and also installs a bash stealer that collects victim data, including credentials and passwords. According to information obtained from Kaspersky, this scheme was in operation for three years before being discovered.
Although the cybersecurity company has informed the software vendor, it has not yet received a response, so the exact means used to compromise the system remain unclear.
Kaspersky claims that the official download page hosted on the site freedownloadmanager[.]org sometimes redirects those who try to download the Linux version to a malicious domain (i.e., deb.fdmpkg[.]org), which hosts a malicious Debian package.
Since this redirect occurs only in some cases, and not in all download attempts from the official site, it is hypothesized that the scripts targeted users based on specific but currently unknown criteria.
The redirect from Free Download Manager to the malicious domain is served only to some users
Kaspersky noticed several posts on social media, Reddit, StackOverflow, YouTube and Unix Stack Exchange where the malicious domain was promoted as a reliable source for getting the Free Download Manager tool.
Additionally, a post on the official Free Download Manager website in 2021 illustrates how an infected user reported the malicious domain fdmpkg[.]org and was told that this is not connected in any way to the official project.
On the same sites, users discussed problems with the software over the past three years, exchanging opinions about suspicious files, but without realizing they were infected with malware.
Although Kaspersky says the redirect stopped in 2022, old YouTube videos clearly show download links on the official Free Download Manager site, redirecting some users to the aforementioned URL deb.fdmpkg[.]org.
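A host-side check for the repository domain named above, as an added example that is not from Kaspersky's report or the original article. It assumes that a system pointed at the malicious repository would list that host in its APT source files under /etc/apt; the function names are illustrative, and continuation lines of multi-line deb822 `URIs:` fields are not followed.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Domain named in the article (written defanged there as fdmpkg[.]org).
SUSPECT_DOMAIN = "fdmpkg.org"

def uris_in_line(line):
    """Return repository URIs found in one APT source line.

    Handles the one-line style ("deb [opts] uri suite comps") and the
    deb822 "URIs:" field; commented-out text is ignored.
    """
    line = line.split("#", 1)[0].strip()
    if not line:
        return []
    if line.lower().startswith("uris:"):
        return line.split(":", 1)[1].split()
    if line.split()[0] in ("deb", "deb-src"):
        # Drop the type keyword and an optional [options] block.
        rest = re.sub(r"^\S+\s+(\[[^\]]*\]\s+)?", "", line)
        return rest.split()[:1]
    return []

def host_matches(uri, domain=SUSPECT_DOMAIN):
    """True if the URI's host is the domain or one of its subdomains."""
    host = (urlparse(uri).hostname or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def scan_apt_sources(root="/etc/apt", domain=SUSPECT_DOMAIN):
    """Return (file, line_number, uri) for every active matching entry."""
    root = Path(root)
    files = [root / "sources.list"]
    extra = root / "sources.list.d"
    if extra.is_dir():
        files += sorted(p for p in extra.iterdir()
                        if p.suffix in (".list", ".sources"))
    hits = []
    for f in files:
        if not f.is_file():
            continue
        text = f.read_text(errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            hits += [(str(f), n, u) for u in uris_in_line(line)
                     if host_matches(u, domain)]
    return hits

if __name__ == "__main__":
    for path, n, uri in scan_apt_sources():
        print(f"{path}:{n}: {uri}")
```

An empty result only means no active APT source references the domain; it says nothing about packages that were already installed.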