The free application “Free Download Manager” delivered a backdoor Trojan to Linux systems for at least three years. A supply chain attack is suspected. Sensitive user data was also accessed.
Kaspersky has discovered a new malicious campaign targeting Linux. Once a system is infected, attackers can steal sensitive information such as system details, browsing history, saved passwords, cryptocurrency wallet files, and even login credentials for cloud services such as Amazon Web Services or Google Cloud.
Infection when downloading from the official manufacturer website
According to Kaspersky's analysis, the attacks using the compromised application file on Linux systems took place over at least three years: the malicious installation package first appeared on the manufacturer's Free Download Manager website in 2020 and was active until at least 2022. The Kaspersky experts therefore assume that it is a supply chain attack. The malware also caused a stir in online communities such as Reddit and StackOverflow: according to users, the infected software caused problems, without the users being aware of the cybercriminal background.
YouTube tutorial provides crucial information
The Kaspersky experts came across YouTube instructions for installing the software on Linux systems, which inadvertently revealed the original infection route: clicking the download button downloaded an infected version of the Free Download Manager. However, not all installation versions were affected: another video showed the legitimate installation file being downloaded. This suggests that the cybercriminals scripted the malicious file to appear either with a certain probability or based on the potential victim's digital fingerprint.
Linux systems: false sense of security
“Variants of the analyzed backdoor have been detected by Kaspersky solutions for Linux since 2013. However, there is a widespread misconception that Linux is immune to malware, so many of these systems do not have adequate protection against cyberattacks,” summarizes Georgy Kucherin, security expert in the Global Research & Analysis Team (GReAT) at Kaspersky. “This lack of protection makes these systems attractive targets for cybercriminals. The case of Free Download Manager highlights how difficult it is to detect an ongoing cyberattack on a Linux system with the naked eye. Therefore, it is essential for Linux-based computers, both desktops and servers, to implement reliable and effective security measures.”
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/