255/69 Monday, May 11, 2026
Security researchers have identified a supply chain attack targeting the official website of JDownloader, where attackers were able to modify download links on the website to redirect users to malicious files instead of legitimate installers. The incident occurred between May 6–7, 2026, and affected users who downloaded and executed files through the “Windows Alternative Installer” or “Linux shell installer” links from the official website during that time period.
The malware distributed through the Windows installer was identified as a Python-based Remote Access Trojan (RAT) capable of remotely controlling infected systems. Investigators stated that the attack did not involve tampering with the actual JDownloader software packages themselves. Instead, the attackers reportedly exploited vulnerabilities in the website’s CMS infrastructure, allowing them to modify permissions and alter download links without authentication. As a result, users accessing the software through the official website could unknowingly receive malicious files.
The JDownloader development team temporarily shut down affected servers to investigate the incident before removing the malicious links and restoring the legitimate download paths. Users who downloaded or installed files from the affected links during the specified timeframe are strongly advised to immediately inspect their systems, perform malware scans, change passwords, and consider reinstalling their operating systems if suspicious activity is detected. In addition, users are encouraged to verify file hashes or digital signatures before installing software and closely monitor official announcements from the development team to reduce the risk of future supply chain attacks.
Source https://hackread.com/hackers-hijack-jdownloader-site-malware-installers/