Article 6EPPJ Password-stealing Linux malware served for 3 years and no one noticed (Ars Technica)
by jake, from LWN.net (#6EPPJ)
Ars Technica reports on a credential-stealing Trojan horse that would infect only some of those who installed the "Free Download Manager". The article is based on a Kaspersky report that details the malicious payload offered up at that site from 2020 to 2022.
The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.
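The persistence mechanism the article describes (two binaries dropped under /var/tmp and a cron entry launching /var/tmp/crond every 10 minutes) is something an administrator can check for directly. The script below is an added example, not code from Ars Technica, Kaspersky or LWN; it takes only the indicators named above (the two file paths and the every-10-minute schedule) and the crontab text it runs on is a constructed sample, not captured from an infected host.

```python
"""Defensive check for the cron-based persistence described in the article.

Added example (not from Ars Technica, Kaspersky or LWN).  It assumes only the
indicators the article gives: dropped binaries at /var/tmp/crond and
/var/tmp/bs, and a crontab entry that runs /var/tmp/crond every 10 minutes.
SAMPLE_CRONTAB below is constructed input for demonstration.
"""

import os
import re
import sys

# Indicator paths taken from the article.
DROPPED_PATHS = ("/var/tmp/crond", "/var/tmp/bs")

# A crontab line is either an @keyword schedule or five space-separated
# schedule fields, followed by the command (in /etc/crontab a user column
# precedes the command; it is simply part of the matched command text here).
_CRON_LINE = re.compile(r"^\s*(@\w+|(?:\S+\s+){5})(.*)$")


def flag_cron_entries(crontab_text, paths=DROPPED_PATHS):
    """Return (line, reason) pairs for crontab lines worth a second look.

    A line is flagged when its command references one of the known dropped
    paths, or more generally when it executes anything under /var/tmp, a
    world-writable directory that no legitimate scheduled job should run from.
    """
    hits = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _CRON_LINE.match(line)
        if not match:
            continue  # not a job line (e.g. a VAR=value assignment)
        schedule, command = match.group(1).strip(), match.group(2).strip()
        if any(p in command for p in paths):
            reason = "command references a known dropped path"
            if schedule.startswith("*/10"):
                reason += " and matches the every-10-minute launch"
            hits.append((line, reason))
        elif "/var/tmp/" in command:
            hits.append((line, "command runs from the world-writable /var/tmp"))
    return hits


def check_dropped_files(paths=DROPPED_PATHS, exists=os.path.exists):
    """Return the indicator paths that exist on disk.

    `exists` is injectable so the check can be exercised without touching the
    real filesystem.
    """
    return [p for p in paths if exists(p)]


# Constructed sample crontab: one benign job plus the two patterns to flag.
SAMPLE_CRONTAB = """\
# constructed sample crontab
0 3 * * * /usr/bin/apt-get update
*/10 * * * * /var/tmp/crond
@reboot /var/tmp/bs
"""


if __name__ == "__main__":
    # Pipe real crontab text in (e.g. `crontab -l | python3 check.py`);
    # with no piped input, run against the constructed sample.
    text = SAMPLE_CRONTAB if sys.stdin.isatty() else sys.stdin.read()
    for line, reason in flag_cron_entries(text):
        print(f"FLAG: {line}  ({reason})")
    for path in check_dropped_files():
        print(f"PRESENT: {path}")
```

Run it against `crontab -l` output for each user and against the files in /etc/cron.d; the file check is only a first pass, since the Kaspersky report covers infections from 2020 to 2022 and current samples may use different paths.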