Widely used cross-platform download manager Free Download Manager has released a script to help determine information-stealing malware compromise in Linux computers as part of a years-long supply chain attack recently reported by Kaspersky researchers, BleepingComputer reports.
Attackers were noted by Kaspersky to have compromised Free Download Manager's website in 2020 to facilitate the deployment of a Bash information stealer and a reverse shell-creating backdoor. Such a compromise was later attributed by FDM to a Ukrainian hacking operation, which exploited a website flaw to facilitate malicious code injections.
"Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed. Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022," said FDM.
Organizations using the newly released scanner script were advised that malware is only being identified but not removed by the tool and that impacted systems should be reinstalled.