Kaspersky security researchers have found that Linux malware was distributed between 2020 and 2022. Not every downloaded Debian package was contaminated, however.
Redirect to questionable domain
As the Kaspersky researchers' report shows, in some cases the FDM download page redirected users to the malicious domain deb.fdmpkg(.)org when they attempted to download the Debian package of the application. The legitimate version, by contrast, has always been hosted at files2.freedownloadmanager(.)org.
In response to user comments on the download manager's blog, a user named blogadmin explained in June 2021 that there is no connection between the first domain and the Free Download Manager and that the domain is “unknown” to them. It can therefore be assumed that the software provider was itself the victim of a cyber attack and that a malicious third party orchestrated the distribution of the malware.
It is still unclear by what criteria the redirect to deb.fdmpkg(.)org occurred at all, as it did not affect every Linux user. The researchers suspect that a script selected the website visitors' systems either at random or by means of a kind of digital fingerprint.
Free Download Manager with Infostealer in tow
Instead of the regular Free Download Manager, affected users are said to have received a manipulated version of the application through which malicious actors apparently distributed an infostealer – malware that steals sensitive data from infected systems and transmits it to a server controlled by the attacker. In the case of the manipulated FDM application, this is said to have included, among other things, browser histories and credentials for well-known cloud services and crypto wallets.
The researchers found evidence of the period in which the malware was distributed on platforms such as Reddit and Stack Overflow. Based on the discussions there, they concluded that the questionable redirects must have taken place between 2020 and 2022, and therefore for around three years. Among other things, users discussed problems restarting or shutting down their Linux systems after installing the Free Download Manager. According to the security researchers, however, no one noticed at the time that the affected systems were infected with malware.
Infections are easily recognizable
An infection with the malware described here is relatively easy to detect. Linux users who downloaded and installed the Free Download Manager via the provider's website between 2020 and 2022 should check their systems. The malware can be identified by the presence of the following files:
- /etc/cron.d/collect
- /var/tmp/crond
- /var/tmp/bs
- /var/tmp/atd
Deleting these files is certainly advisable due to their malicious nature. However, it is unclear whether the malware can be rendered completely harmless or whether it may leave additional, previously unknown traces in the system.
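As an added example (not from the article or from Kaspersky), the script below checks for the four indicator paths listed above, optionally under the root of a mounted disk image, and also lists any running process whose executable is one of the /var/tmp indicators, since deleting a file does not stop a copy that is already running. The process check, and its assumption that those binaries run as resident processes, are mine; the article only names the files.

```shell
#!/bin/sh
# Added example: defender-side check for the Free Download Manager indicators
# named in the article. ROOT (default "/") may point at a mounted image root
# or a constructed test tree, so the check also works offline.

# Indicator paths exactly as listed in the article.
FDM_IOC_PATHS="/etc/cron.d/collect /var/tmp/crond /var/tmp/bs /var/tmp/atd"

# fdm_ioc_count ROOT -> prints how many indicator paths exist under ROOT.
fdm_ioc_count() {
    root="${1:-/}"; n=0
    for p in $FDM_IOC_PATHS; do
        [ -e "${root%/}$p" ] && n=$((n + 1))
    done
    echo "$n"
}

# fdm_ioc_scan ROOT -> one "FOUND <path> <mode> <owner> <mtime>" line per
# present indicator; exit status 0 if clean, 1 if any indicator exists.
fdm_ioc_scan() {
    root="${1:-/}"; hit=0
    for p in $FDM_IOC_PATHS; do
        f="${root%/}$p"
        if [ -e "$f" ]; then
            hit=1
            # Owner, mode and mtime help scope when the infection began.
            printf 'FOUND %s %s\n' "$p" \
                "$(ls -ld "$f" 2>/dev/null | awk '{print $1, $3, $6, $7, $8}')"
        fi
    done
    return "$hit"
}

# fdm_ioc_running -> "RUNNING <pid> <path>" for live processes whose executable
# is an indicator binary, including ones whose file was already deleted
# (assumption: the /var/tmp binaries run as resident processes).
fdm_ioc_running() {
    for pid in /proc/[0-9]*; do
        exe=$(readlink "$pid/exe" 2>/dev/null) || continue
        for p in $FDM_IOC_PATHS; do
            case "$exe" in "$p"|"$p (deleted)") echo "RUNNING ${pid#/proc/} $p";; esac
        done
    done
    return 0
}

if fdm_ioc_scan "${1:-/}"; then
    echo "no Free Download Manager indicators under ${1:-/}"
else
    fdm_ioc_running
    echo "indicators present: inspect the listed files before removing them"
fi
```

Run as root on the live system so that /etc/cron.d and other users' /proc entries are readable; pass a mount point as the first argument to scan an offline image instead.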
In addition to the Debian package, the Free Download Manager is also available for Windows, macOS and Android. It is not clear from the Kaspersky researchers' report whether downloads for these three systems were also redirected to the questionable domain. However, it can be assumed that this was not the case, as otherwise the researchers would probably not have focused solely on Linux in their statements.