Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years
upstart writes:
Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years:
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack.
The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active.
"This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)," Kaspersky researchers Georgy Kucherin and Leonid Bezvershenko said.
The website in question is freedownloadmanager[.]org, which, according to the Russian cybersecurity firm, offers a legitimate Linux software called "Free Download Manager," but starting in January 2020, began redirecting some users who attempted to download it to another domain deb.fdmpkg[.]org that served a booby-trapped Debian package.
It's suspected that the malware authors engineered the attack based on certain predefined filtering criteria (say, a digital fingerprint of the system) to selectively lead potential victims to the malicious version. The rogue redirects ended in 2022 for inexplicable reasons.
[...] It's not immediately clear how the compromise actually took place and what the end goals of the campaign were. What's evident is that not everyone who downloaded the software received the rogue package, enabling it to evade detection for years.
"While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye," the researchers said.
"Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions."
[EDITOR'S NOTE: We have been informed by the Free Download Manager Team that all their sites are now secure. This does not in any way affect the content of this story which covers a 3 year period beginning in 2020. JR, 18092023-06:32UTC]
Read more of this story at SoylentNews.