FreeDownloadManager
FreeDownloadManager site served backdoored Linux version.
The official FreeDownloadManager website was compromised and intermittently redirected Linux users to a domain serving a trojanized Debian package. The malicious package installed a backdoor and infostealer aimed at passwords, crypto wallets, and cloud credentials, turning selective redirects into quiet compromise.
- Date
- 2020-01-24 to 2022-01-01
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Website compromise
What Was Affected
Package
FreeDownloadManager
Language
shell
Component
Application
Artifact type
binary archive
Domain type
project download host
Domain
freedownloadmanager.org
Compromised Versions
- Specific Linux Debian packages distributed via malicious redirect from freedownloadmanager.org between 2020 and 2022
Incident Context
- Motive
- Financial gain
- Attribution
- Cybercriminal group
- Transitive
- No
- User Impact
- 10000
- Observed Duration
- 708 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
- securelist.com/backdoored-free-download-manager-linux-malware/110465
- virustotal.com/gui/file/b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d
- virustotal.com/gui/file/2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349
- virustotal.com/gui/file/93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea
- virustotal.com/gui/file/d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5
Indicators and Changes
Hashes
- sha256:b77f63f14d0b2bde3f4f62f4323aad87194da11d71c117a487e18ff3f2cd468d
- sha256:2214c7a0256f07ce7b7aab8f61ef9cbaff10a456c8b9f2a97d8f713abd660349
- sha256:93358bfb6ee0caced889e94cd82f6f417965087203ca9a5fce8dc7f6e1b8a3ea
- sha256:d73be6e13732d365412d71791e5eb1096c7bb13d6f7fd533d8c04392ca0b69b5
External References
Source Data
Source record: proprietary/freedownloadmanager/meta.yaml