[NOTICE] Free Download Manager (FDM) has been compromised by attackers

A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored…

Users who are still using FDM (Free Download Manager) are advised to stop using this software, which has been maliciously compromised.
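A check for the indicators named in the quoted article, added here as an example (it is not part of the original post or the article). The function names, the cron and APT locations searched, and the sample tree are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: scan a Linux root for the indicators the quoted article names.
# ROOT defaults to /; a mounted disk image also works.
# Prints one line per finding; returns 1 if anything matched, else 0.

# grep_refs LABEL PATTERN PATH...: list files under each PATH containing PATTERN.
grep_refs() {
    label=$1; pattern=$2; shift 2
    for p in "$@"; do
        [ -e "$p" ] || continue
        grep -rlF -- "$pattern" "$p" 2>/dev/null | sed "s/^/$label /"
    done
}

fdm_ioc_scan() {
    root="${1:-/}"; root="${root%/}"
    {
        # The two dropped executables named in the article.
        for f in /var/tmp/crond /var/tmp/bs; do
            if [ -e "$root$f" ]; then echo "FILE $root$f"; fi
        done
        # Cron entries that launch /var/tmp/crond. The article does not say where
        # the job is stored, so the usual cron locations are searched (assumption).
        grep_refs CRON /var/tmp/crond \
            "$root/etc/crontab" "$root/etc/cron.d" "$root/var/spool/cron"
        # APT sources naming the malicious domain (assumes it was added as a repo).
        grep_refs APT deb.fdmpkg.org \
            "$root/etc/apt/sources.list" "$root/etc/apt/sources.list.d"
    } | { ! grep . ; }   # echo findings; exit status 1 when any line was printed
}

# Constructed sample tree (not a real infection) to show the output format.
demo=$(mktemp -d)
mkdir -p "$demo/var/tmp" "$demo/etc/cron.d"
: > "$demo/var/tmp/crond"
echo '*/10 * * * * root /var/tmp/crond' > "$demo/etc/cron.d/sample"
fdm_ioc_scan "$demo" || echo "indicators found in sample tree"
rm -rf "$demo"
```

Run `fdm_ioc_scan /` as root so the cron spool is readable. A clean result only shows that these specific paths and strings are absent.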



I've used it on Windows but never on Linux; after all, there are so many download tools available there, such as wget, axel, aria2c, uget and so on :rofl: