{"id":242952,"date":"2026-05-10T08:56:00","date_gmt":"2026-05-10T12:56:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/10\/official-jdownloader-site-served-malware-to-windows-and-linux-users-between-may-6-and-may-7\/"},"modified":"2026-05-10T09:10:07","modified_gmt":"2026-05-10T13:10:07","slug":"official-jdownloader-site-served-malware-to-windows-and-linux-users-between-may-6-and-may-7","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/10\/official-jdownloader-site-served-malware-to-windows-and-linux-users-between-may-6-and-may-7\/","title":{"rendered":"Official JDownloader site served malware to Windows and Linux users between May 6 and May 7"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191920\/malware\/official-jdownloader-site-served-malware-to-windows-and-linux-users.html\">Official JDownloader site served malware to Windows and Linux users between May 6 and May 7<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191920\/malware\/official-jdownloader-site-served-malware-to-windows-and-linux-users.html\">https:\/\/securityaffairs.com\/191920\/malware\/official-jdownloader-site-served-malware-to-windows-and-linux-users.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-10 08:56:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Official JDownloader site served malware to Windows and Linux users between May 6 and May 7<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 10, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-27.png?fit=512%2C512&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 
class=\"wp-block-heading\">The JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6\u20137, 2026.<\/h2>\n<p>The official JDownloader website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed to simplify and automate file downloads from websites, file-hosting services, and video platforms.<\/p>\n<p>Attackers modified download links on the site to serve users malware instead of the real software. Researchers found the Windows installer deployed a Python-based remote access trojan (RAT), giving attackers remote control over infected systems.<\/p>\n<p>The attack targeted users downloading the Windows \u201cAlternative Installer\u201d and the Linux shell installer. JDownloader is a popular download manager used by millions on Windows, Linux, and macOS, making the incident particularly concerning.<\/p>\n<p>The Reddit user PrinceOfNightSky first spotted the JDownloader compromise after Microsoft Defender flagged the downloaded installers as malicious. The user noticed suspicious developer names like \u201cZipline LLC\u201d and \u201cThe Water Team\u201d instead of the legitimate publisher, AppWork GmbH.<\/p>\n<p>\u201cI been using Jdownloader and switched to a new PC a few weeks ago. Luckily I had the installer in a usb drive but decided to download the latest version. The website is official but all the Exes for windows are being reported as malicious software by windows and the developer is being listed as \u201cZipline LLC.\u201d\u201d wrote PrinceOfNightSky. \u201cAnd other times it\u2019s saying \u201cThe Water Team\u201d The software is obviously by Appwork and I have to manually unblock it from windows to run it which I will not do. 
I ended up&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191920\/malware\/official-jdownloader-site-served-malware-to-windows-and-linux-users.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Official JDownloader site served malware to Windows and Linux users between May 6 and May&#8230;<\/p>\n","protected":false},"author":1,"featured_media":242954,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-27.png","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32],"class_list":["post-242952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242952"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=242952"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242952\/revisions"}],"predecessor-version":[{"id":242955,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/242952\/revisions\/242955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/242954"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=242952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=242952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news
-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=242952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}