← Supply-Chain Attack Compendium

jdownloader

Incident Summary

JDownloader Website CMS Compromise (2026)

Attackers compromised the jdownloader.org CMS and replaced selected installer links with redirects to malicious third-party binaries. The Windows alternative installer and Linux shell installer were affected; signed in-app updates and third-party mirrors were not. Probing began around May 5, 2026, full manipulation started May 6, and the site returned with verified clean links on May 8-9.

Date
2026-05-06 to 2026-05-07
Category
Commercial
Target Surface
Distribution
Insertion Phase
distribution
Impact
Malware delivery
Cause
Website compromise

What Was Affected

Package jdownloader
LanguageJava
ComponentApplication
Artifact typebinary archive
Domain typeproject download host

Compromised Versions

  • JDownloader2Setup_unix_nojre.sh (Linux installer)
  • JDownloader2Setup_windows-amd64_v11_0_30.exe
  • JDownloader2Setup_windows-amd64_v17_0_18.exe
  • JDownloader2Setup_windows-amd64_v1_8_0_482.exe
  • JDownloader2Setup_windows-amd64_v21_0_10.exe
  • JDownloader2Setup_windows-x86_v11_0_29.exe
  • JDownloader2Setup_windows-x86_v17_0_17.exe
  • JDownloader2Setup_windows-x86_v1_8_0_472.exe

Incident Context

Transitive
No
User Impact
0
Observed Duration
1 days

Indicators and Changes

Hashes

  • sha256:6d975c05ef7a164707fa359284a31bfe0b1681fe0319819cb9e2c4eec2a1a8af
  • sha256:fb1e3fe4d18927ff82cffb3f82a0b4ffb7280c85db5a8a8b6f6a1ac30a7e7ed9
  • sha256:04cb9f0bca6e0e4ed30bc92726590724bf60938440b3825252657d1b3af45495
  • sha256:5a6636ce490789d7f26aaa86e50bd65c7330f8e6a7c32418740c1d009fb12ef3
  • sha256:32891c0080442bf0a0c5658ada2c3845435b4e09b114599a516248723aad7805
  • sha256:de8b2bdfc61d63585329b8cfca2a012476b46387435410b995aeae5b502bd95e
  • sha256:e4a20f746b7dd19b8d9601b884e67c8166ea9676b917adea6833b695ba13de16
  • sha256:4ff7eec9e69b6008b77de1b6e5c0d18aa717f625458d80da610cb170c784e97c

External References

Source Data

Source record: proprietary/jdownloader/meta.yaml