Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

JDownloader website compromised to distribute malicious installers

The JDownloader website was compromised via an unpatched CMS vulnerability, allowing attackers to alter download links and distribute malicious installers for Windows and Linux from May 6-7, 2026. The Windows payload deployed a Python-based RAT, while the Linux installer downloaded obfuscated binaries to establish persistence. Users who executed affected installers should reinstall their OS and reset credentials; legitimate installers can be verified by the "AppWork GmbH" digital signature.

Supply chain, May 11, 2026, by SC Staff

The website for the popular JDownloader download manager was compromised last week, leading to the distribution of malicious Windows and Linux installers. The attackers exploited an unpatched vulnerability in the website's content management system to alter download links, affecting users who downloaded installers between May 6 and May 7, 2026. The compromise did not affect in-app updates, macOS downloads, or other package formats, with further coverage provided by Bleeping Computer.

The supply chain attack involved attackers modifying the website's download links to point to malicious third-party payloads. For Windows, the payload deployed a Python-based remote access trojan (RAT), while the Linux installer injected malicious code to download and install obfuscated binaries, establishing persistence and masquerading as a legitimate system process. Cybersecurity researchers identified the RAT as a modular bot and RAT framework capable of executing arbitrary Python code delivered from command and control servers.

JDownloader developers confirmed the breach, stating that attackers exploited an unpatched vulnerability allowing them to change website access control lists and content without authentication. Users can verify legitimate installers by checking the digital signature for "AppWork GmbH." Those who downloaded and executed the affected installers are advised to reinstall their operating systems and reset passwords due to potential credential compromise and arbitrary code execution. This incident follows similar supply chain attacks targeting software download sites like CPUID and DAEMON Tools.

Source: Bleeping Computer
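The signature check the article recommends for Windows installers, as an added PowerShell example (not code from SC Media, Bleeping Computer or the JDownloader project). The installer path is supplied by the user and the function name is hypothetical; the only value taken from the article is the signer name "AppWork GmbH".

```powershell
# Added example: verify a downloaded installer's Authenticode signature
# before running it. Usage: .\Test-Installer.ps1 -Path <installer.exe>
param(
    [Parameter(Mandatory)][string]$Path,
    # Signer name as given in the article.
    [string]$ExpectedSigner = 'AppWork GmbH'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # Record the hash so the file can be referenced in an incident ticket.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $result = [ordered]@{
        Path = $Path; SHA256 = $hash; Status = $sig.Status
        Signer = $null; Trusted = $false; Reason = $null
    }

    # Only 'Valid' passes: NotSigned, HashMismatch, NotTrusted and
    # UnknownError are all treated as untrusted.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        $result.Reason = "Signature status is $($sig.Status)"
        return [pscustomobject]$result
    }

    # Read the certificate's simple name (normally the subject CN).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $result.Signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # Exact, case-sensitive comparison: a substring match would also accept
    # look-alike names that merely contain the expected string.
    if ($result.Signer -cne $ExpectedSigner) {
        $result.Reason = "Signed by '$($result.Signer)', expected '$ExpectedSigner'"
        return [pscustomobject]$result
    }

    $result.Trusted = $true
    $result.Reason  = 'Valid signature from expected signer'
    return [pscustomobject]$result
}

$check = Test-InstallerSignature -Path $Path -ExpectedSigner $ExpectedSigner
$check | Format-List
if (-not $check.Trusted) { exit 1 }
```

A non-zero exit code means the file should not be executed. The check covers only Authenticode-signed Windows files, not the Linux installer.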