Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
Publish Date: 2026-05-10 08:56:00
Source Domain: securityaffairs.com
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
Pierluigi Paganini
May 10, 2026
JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026.
JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed to simplify and automate file downloads from websites, file-hosting services, and video platforms.
Attackers modified download links on the site to serve users malware instead of the real software. Researchers found the Windows installer deployed a Python-based remote access trojan (RAT), giving attackers remote control over infected systems.
The attack targeted users downloading the Windows “Alternative Installer” and the Linux shell installer. JDownloader is a popular download manager used by millions on Windows, Linux, and macOS, making the incident particularly concerning.
The Reddit user PrinceOfNightSky first spotted the JDownloader compromise after Microsoft Defender flagged the downloaded installers as malicious. The user noticed suspicious developer names like “Zipline LLC” and “The Water Team” instead of the legitimate publisher, AppWork GmbH.
“I been using Jdownloader and switched to a new PC a few weeks ago. Luckily I had the installer in a usb drive but decided to download the latest version. The website is official but all the Exes for windows are being reported as malicious software by windows and the developer is being listed as “Zipline LLC.”” wrote PrinceOfNightSky. “And other times it’s saying “The Water Team” The software is obviously by Appwork and I have to manually unblock it from windows to run it which I will not do. I ended up…
