
The developers of Free Download Manager (FDM) have published a script to check whether a Linux system was infected through a recently reported supply chain attack.

Free Download Manager is a popular cross-platform download manager that offers torrenting, proxying, and online video downloads through a user-friendly interface.

Last week, Kaspersky revealed that the project's website was compromised at some point in 2020, redirecting a portion of Linux users who tried to download the software to a malicious site.

This site dropped a trojanized FDM installer for Linux that installed a Bash information stealer and a backdoor that established a reverse shell from the attacker's server.

Although many users reported strange behavior after installing the malicious installer, the infection remained undetected for 3 years until Kaspersky's report was published.

Free Download Manager's response

With the matter gaining attention, FDM investigated and found that Kaspersky's and others' reports about the compromise of their website had been ignored due to an error in their contact system.

“It seems that a particular web page on our website was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software,” explained the security announcement on FDM’s website.

“Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed.”

“Intriguingly, this vulnerability was unknowingly resolved during a routine website update in 2022.”

The developers say that the site was breached through a website vulnerability, allowing the attackers to introduce malicious code that modified the download page for a small percentage of visitors.

Today, FDM released a script that can scan Linux computers to check whether they were infected with the info-stealer malware from this campaign.

The script is available here, and running it is a two-step process from a terminal:


chmod +x linux_malware_check.sh
./linux_malware_check.sh

Users should note that the scanner script only identifies whether the malware is installed, by looking for the presence of certain files on the system; it does not remove them.

Hence, if the scanner finds anything, users must manually remove the malware or use additional security tools to locate and uproot the malware files.

FDM's recommended action is to reinstall the system.
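
The presence-only check described above, sketched as an added example (not FDM's script and not code from the original article). The indicator paths are placeholders, since the article does not list the files the real scanner looks for, and `check_indicators`, `INDICATORS` and `SCAN_ROOT` are hypothetical names; the sketch hashes each hit for the incident record and leaves the files in place.

```shell
#!/bin/sh
# Added example: detection-only indicator check (reports, never removes).
# PLACEHOLDER paths, one per line. These are NOT the real indicators;
# substitute the file list from the vendor's advisory.
INDICATORS="${INDICATORS:-/path/to/placeholder-indicator-1
/path/to/placeholder-indicator-2}"

# check_indicators [ROOT]
#   ROOT is an optional prefix, e.g. a mounted disk image examined offline.
#   Prints "FOUND <path> sha256=<hash>" for every indicator that exists.
#   Returns 0 if none exist, 1 if at least one does.
check_indicators() {
    root="${1:-}"
    hits=0
    old_ifs=$IFS
    IFS='
'
    for p in $INDICATORS; do
        f="$root$p"
        # -e follows symlinks; -L also catches dangling symlinks.
        if [ -e "$f" ] || [ -L "$f" ]; then
            hits=$((hits + 1))
            # Hash regular files so the finding can be matched against
            # published hashes later, even after the host is reinstalled.
            if [ -f "$f" ] && command -v sha256sum >/dev/null 2>&1; then
                sum=$(sha256sum "$f" | cut -d' ' -f1)
            else
                sum="n/a"
            fi
            echo "FOUND $f sha256=$sum"
        fi
    done
    IFS=$old_ifs
    [ "$hits" -eq 0 ]
}

if check_indicators "${SCAN_ROOT:-}"; then
    echo "No listed indicator files found."
else
    echo "Indicator files present: record the output above before cleanup or reinstall."
fi
```

A clean result only means the listed files are absent; it says nothing about other changes made through the backdoor's reverse shell.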
