Trojanized Free Download Manager found to contain a Linux backdoor (FDM's response in post text below) [Securelist]
(securelist.com)
from TheAnonymouseJoker@lemmy.ml to technology@lemmy.ml on 15 Sep 2023 07:27
https://lemmy.ml/post/4950776
from TheAnonymouseJoker@lemmy.ml to technology@lemmy.ml on 15 Sep 2023 07:27
https://lemmy.ml/post/4950776
From www.freedownloadmanager.org/blog/?p=664:
It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software. Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed. It’s estimated that much less than 0.1% of our visitors might have encountered this issue. This limited scope is probably why the issue remained undetected until now. Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022.
threaded - newest
How they can know the hacker group, they left a business card?
How do actors detect other actors? Ever heard of how Team Blue ops work?
Until yesterday they even didn’t know that they were hacked for years, then cleaned the file by accident when doing automatic updates; now they know who did that. Seems a way to shift blame
Have you read the code? Ukrainian clowns were behind this, just like the node-ipc NPM incident. There is a thread on HN about it as well, if you want to read.
The Kaspersky analysis noted that the malware contained comments in the shell scripts written in Ukrainian and Russian, and used malware components detected in previous malware campaigns since 2013 that presumably have been attributed to a specific group.
FTA: