- Attackers exploited a CMS flaw to swap Windows and Linux installer links with malware‑laden versions between May 6–7, 2026
- The poisoned installers deployed a Python‑based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe
- AppWork advises verifying digital signatures (“AppWork GmbH”) to avoid tampered builds; the site has since been secured
Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and Linux users.
As explained by owner AppWork, unidentified attackers found a vulnerability in the website’s content management system (CMS), and used it to swap out the download links for a pair of variants:
“Adjustments have been made via the website’s content management system, affecting printed pages and hyperlinks,” AppWork said in its incident report. “The attacker didn’t acquire access to the underlying server stack — particularly no access to the host filesystem or broader operating-system-level control beyond CMS-managed web content.”
Checking the digital signature
Anyone who clicked on the alternative Windows installer download links, or the Linux shell installer link, between May 6 and May 7, 2026, was redirected to a third-party server hosting a malicious version of the software. This version was poisoned to include a loader that deployed a heavily obfuscated Python-built Remote Access Trojan (RAT).
Other downloads, including in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package, were not tampered with, AppWork confirmed.
It also said the best way to make sure you’re using the correct installer is to double-check its digital signature. That can be done by right-clicking on the executable, navigating to Properties, and then the Digital Signatures tab. The program needs to show it was signed by “AppWork GmbH”, otherwise it’s definitely malware.
On Reddit, users who downloaded the infected versions saw the developer being listed as ‘Zipline LLC,’ and ‘The Water Workforce’. Luckily enough, Windows Defender flagged the program as malicious, protecting the users.
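The same check can be scripted instead of clicked through. The PowerShell below is an added example, not code from AppWork or the original article: it accepts an installer only when the Authenticode signature validates and the signer name matches, since a file signed by another publisher can still carry a signature. It assumes the signer certificate's common name is exactly "AppWork GmbH"; the function name and the Downloads file pattern are hypothetical.

```powershell
# Added example: verify an installer's Authenticode signature AND its signer name.
# Assumption: the signer certificate's common name (CN) is exactly "AppWork GmbH",
# the name the article says the Digital Signatures tab must show.
function Test-InstallerSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'AppWork GmbH'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Unsigned files have no signer certificate, so guard before reading it.
    $signer = $null
    $thumbprint = $null
    if ($sig.SignerCertificate) {
        $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer     = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        $thumbprint = $sig.SignerCertificate.Thumbprint
    }

    # Both conditions must hold. A 'Valid' status only means the file is intact
    # and chains to a trusted root; it says nothing about who signed it.
    # -ceq is a case-sensitive exact match, so a name that merely contains the
    # expected string is rejected.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -ceq $ExpectedSigner)

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = $thumbprint
        Trusted    = $trusted
    }
}

# Usage: check every matching installer in the Downloads folder.
# The file name pattern is a constructed placeholder; adjust it to the real file.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter '*JDownloader*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { Test-InstallerSigner -Path $_.FullName }
```

Any row with `Trusted` set to `False` should be treated as a tampered build, whatever publisher name appears in the `Signer` column.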
The website was temporarily turned off, allowing the company to plug the hole and clean up the links.
Via BleepingComputer

