document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-27 02:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

选题[news]: 20230913 Linux Malware! Read This If You Use Free Download Manager

Browse Source 
sources/news/20230913 Linux Malware- Read This If You Use Free Download Manager.md
This commit is contained in:
DarkSun 2023-09-14 05:20:59 +08:00
parent bdf782652f
commit 123af64924
1 changed files with 87 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
sources/news/20230913 Linux Malware- Read This If You Use Free Download Manager.md Normal file
View File

@ -0,0 +1,87 @@
[#]: subject: "Linux Malware! Read This If You Use Free Download Manager"
[#]: via: "https://news.itsfoss.com/free-download-manager-malware/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lujun9972/lctt-scripts-1693450080"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Linux Malware! Read This If You Use Free Download Manager
======
It is always best to stay cautious no matter what you use!
We do not often talk about Linux malware because it is often quickly patched up and not exploited much in the wild compared to Windows/macOS.
However, there has been a concern regarding the **Free Download Manager** (a decently popular cross-platform download manager).
While we do not recommend it on our [list of download managers][1] available for Linux, some of our readers have suggested it in the past. And I have used it as well up until now on Windows.
So, what is the issue?
### Malware Disguised as Free Download Manager Linux Package
**Free Download Manager is not malware**. However, a malicious package for Linux was found, distributed as Free Download Manager.
Security researchers at **Kaspersky** [discovered][2] that it existed for at least two years ( **2020-2022** ) without users knowing what they were installing.
Many malicious packages are disguised as popular programs.; _what's new here?_
**The problem** : The malicious package was found to be **distributed through the official website of Free Download Manager** 😱 along with any other unofficial sources up until 2022.
🚧
The official website is **freedownloadmanager.org,** with **files2.freedownloadmanager.org** as the correct download URL.
The domain from which the infected package was downloaded was **deb.fdmpkg[.]org.**
In other words, the official website was compromised without the developers realizing and redirected its users to download a malware-infected package for Linux from another domain.
**The catch is** : that not every user was redirected to download the malware package between 2020 and 2022 from the official website. However, it does not make things any better, right?
You may or may not have downloaded the infected package 😕
**What is the malware all about?** 🤖
Kaspersky's report describes it as " **a bash stealer** " that _collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure)._
Considering Linux malware is rarely observed in the wild, it is important to stay cautious to verify the sources and the credibility of tools you download.
While we do not know how many Linux users utilize Free Download Manager, it is indeed alarming news. You should follow all the [tips to improve privacy][3] and secure your online experience.
**Suggested Read** 📖
![][4]
### What Should You Do Now?
Until the developers of the software put up an official public response to this, I would advise you to switch to other download managers available:
![][4]
You should remove the download manager if you do not remember (or cannot verify the source of your download).
Additionally, I would recommend you to go through the [research report][2] by Kaspersky to check indicators of compromise. If you have the same file path on your system and the malicious checksum for the Debian package matches, you should get rid of them manually.
Even if you want to re-download it, you should check the download URL before installing the package on your Linux system.
_💬 What are your thoughts on staying protected from malware on Linux? Share your thoughts in the comments below._
* * *
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/free-download-manager-malware/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/best-download-managers-linux/
[2]: https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
[3]: https://itsfoss.com/improve-privacy/
[4]: https://itsfoss.com/content/images/size/w256h256/2022/12/android-chrome-192x192.png