- Password-stealing Linux malware served for 3 years and no one noticed
- Password-stealing Linux malware served for 3 years and no one noticed Ars Technica.pdf (1.5 MB)
A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.
The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored…
Users who are still using FDM (Free Download Manager) are advised to stop using this software, which has been maliciously compromised.
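
A check for the on-disk traces named in the excerpt above, added here as an example and not taken from the article or the researchers' report: it looks for /var/tmp/crond and /var/tmp/bs, for cron entries that launch /var/tmp/crond, and for APT sources that name deb.fdmpkg.org. The function name `fdm_scan`, the optional root argument, and the cron and APT locations searched are assumptions; the excerpt does not say which crontab or package source file was touched.

```shell
#!/bin/sh
# Added example: look for the traces described in the article.
# The root argument lets the same check run against a mounted disk image.
fdm_scan() {
    root=${1%/}          # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    hits=0

    # 1. The two dropped executables (paths are from the article).
    for f in /var/tmp/crond /var/tmp/bs; do
        if [ -e "$root$f" ]; then
            echo "FILE   $root$f"
            hits=$((hits + 1))
        fi
    done

    # 2. Cron entries that launch /var/tmp/crond. Which crontab was used is
    #    not stated in the article; these locations are assumptions.
    for c in "$root/etc/crontab" "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$c" ] || continue
        if grep -Fq '/var/tmp/crond' "$c" 2>/dev/null; then
            echo "CRON   $c"
            hits=$((hits + 1))
        fi
    done

    # 3. APT sources that name the malicious domain (assumed locations).
    for s in "$root/etc/apt/sources.list" "$root"/etc/apt/sources.list.d/*; do
        [ -f "$s" ] || continue
        if grep -Fq 'deb.fdmpkg.org' "$s" 2>/dev/null; then
            echo "REPO   $s"
            hits=$((hits + 1))
        fi
    done

    echo "indicators: $hits"
    [ "$hits" -eq 0 ]    # status 0 = no trace found, 1 = at least one
}

# Runs only when a root is given, e.g.  sh fdm_scan.sh /
if [ "$#" -gt 0 ]; then
    fdm_scan "$1"
fi
```

Run it as root so per-user crontabs are readable. A result with no indicators only means these specific traces are absent.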