The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software.
“It appears that a particular web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” it said in an alert last week. “Only a small subset of users, specifically those who tried to download FDM for Linux between 2020 and 2022, were most likely exposed.”
Less than 0.1% of its visitors are believed to have encountered the issue, it added, which may be why the problem went undetected until now.
The disclosure comes as Kaspersky revealed that the project’s website was infiltrated at some point in 2020 to redirect select Linux users who tried to download the software to a malicious site hosting a Debian package.
The package was further configured to deploy a DNS-based backdoor and ultimately serve a Bash stealer malware capable of harvesting sensitive data from compromised systems.
FDM said its investigation uncovered a vulnerability in a script on its website that the hackers exploited to tamper with the download page and direct site visitors to the fake domain deb.fdmpkg[.]org hosting the malicious .deb file.
“It had an «exception list» of IP addresses from various subnets, including those associated with Bing and Google,” FDM said. “Visitors from these IP addresses were always given the correct download link.”
“Intriguingly, this vulnerability was unknowingly fixed during a routine site update in 2022,” it further noted.
FDM has also released a shell script for users to check for the presence of malware on their systems. It can be downloaded from here.
But it's worth pointing out that the scanner script does not remove the malware. Users who find the backdoor and the information stealer on their machines are required to reinstall the system.