We do not often talk about Linux malware because it is often quickly patched up and not exploited much in the wild compared to Windows/macOS.
However, there has been a concern regarding the Free Download Manager (a decently popular cross-platform download manager).
While we do not recommend it on our list of download managers available for Linux, some of our readers have suggested it in the past. And I have used it as well until now on Windows.
So, what is the issue?
Malware Disguised as Free Download Manager Linux Package
Free Download Manager is not malware. However, a malicious package for Linux was found, distributed as Free Download Manager.
Security researchers at Kaspersky discovered that it existed for at least two years (2020-2022) without users knowing what they were installing.
Many malicious packages are disguised as popular programs; what's new here?
The problem: The malicious package was found to be distributed through the official website of Free Download Manager 😱 along with any other unofficial sources until 2022.
The domain from which the infected package was downloaded was deb.fdmpkg[.]org.
In other words, the official website was compromised without the developers realizing it, and it redirected users to download a malware-infected package for Linux from another domain.
The catch is that not every user was redirected to download the malware package from the official website between 2020 and 2022. However, it does not make things any better, right?
You may or may not have downloaded the infected package 😕
What is the malware all about? 🤖
Kaspersky's report describes it as “a bash stealer” that collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure).
Considering Linux malware is rarely observed in the wild, it is important to stay cautious and verify the sources and the credibility of the tools you download.
While we do not know how many Linux users utilize Free Download Manager, it is indeed alarming news. You should follow all the tips to improve privacy and secure your online experience.
What Should You Do Now?
UPDATE: The developers have published an official statement on their site with instructions to use a script to help identify if you were affected by the malware.
As per the announcement, they are working towards reinforcing the site security to prevent security breaches in the near future.
You can also try switching to other download managers available.
It is essential that you remove the download manager if you do not remember (or cannot verify) the source of your download.
Additionally, I would recommend you go through the research report by Kaspersky to check indicators of compromise. If you have the same file path on your system and the malicious checksum for the Debian package matches, you should get rid of them manually.
Not to forget, if you downloaded the malicious package, change your passwords immediately, preferably using a password manager.
Even if you want to re-download it, you should check the download URL before installing the package on your Linux system.
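The checks described above (matching indicators of compromise and verifying the download URL), sketched as an added shell example; it is not from this article, Kaspersky's report, or the script published by the developers. Only the domain deb.fdmpkg[.]org comes from the article; the checksum list file and the expected host are assumptions that you supply yourself.

```shell
#!/bin/sh
# Added example: helper checks for the steps above. Helper variables are global (POSIX sh).
BAD_DOMAIN='deb.fdmpkg.org'  # the article's deb.fdmpkg[.]org, un-defanged for matching

# List files under $1 (default /etc/apt) that mention the domain; exit 1 if none.
scan_apt_sources() {
    grep -rlF -- "$BAD_DOMAIN" "${1:-/etc/apt}" 2>/dev/null
}

# Exit 0 if the SHA-256 of file $1 appears in list $2 (one hash per line,
# copied by you from Kaspersky's report; no hashes are hard-coded here).
deb_is_known_bad() {
    sum=$(sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$sum" ] && grep -qixF -- "$sum" "$2"
}

# Print the host of a URL, dropping scheme, path, userinfo and port.
url_host() {
    h=${1#*://}      # strip scheme
    h=${h%%[/?#]*}   # strip path, query and fragment
    h=${h##*@}       # strip userinfo ("trusted-name@actual-host")
    h=${h%%:*}       # strip port
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Exit 0 only for an https URL whose host is exactly $2 (no suffix/prefix match).
url_is_expected() {
    case $1 in https://*) ;; *) return 1 ;; esac
    [ "$(url_host "$1")" = "$2" ]
}

# Usage: sh check.sh <package.deb> <sha256-list> <download-url> <expected-host>
if [ "$#" -eq 4 ]; then
    scan_apt_sources && echo "WARNING: an APT source references $BAD_DOMAIN"
    deb_is_known_bad "$1" "$2" && echo "WARNING: $1 matches a listed checksum"
    url_is_expected "$3" "$4" || echo "WARNING: $3 is not served from $4"
fi
```

The URL check compares the full host name, so a URL that merely contains a trusted name before an `@` or as a subdomain label of another domain is still rejected.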
💬 What are your thoughts on staying protected from malware on Linux? Share your thoughts in the comments below.