We wish to address a significant security concern that has recently come to our attention. Upholding your trust is paramount to us, and in our dedication to transparency, we aim to provide a clear and direct account of the situation.
What Happened: Today, informed by the findings from Kaspersky Lab, we became aware of a past security incident from 2020. It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software. Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed. It’s estimated that much less than 0.1% of our visitors might have encountered this issue. This limited scope is probably why the issue remained undetected until now. Intriguingly, this vulnerability was unknowingly resolved during a routine site update in 2022.
Our Immediate Actions: Upon this discovery, we initiated a thorough investigation. We’re reinforcing our defenses and implementing additional measures to prevent such vulnerabilities in the future.
Recommendations for Users: If you were among the subset of users who tried to download FDM for Linux from our compromised page during the mentioned timeframe, we strongly recommend conducting a malware scan on your system and updating your passwords as a precautionary measure.
Communication Issues: We also discovered an issue with one of our contact forms which might have impeded prompt communication, presumably it was the form used by Kaspersky Lab representatives to reach out to us. If you attempted to reach out regarding this or any related issue without receiving feedback, please contact us again at firstname.lastname@example.org.
We sincerely apologize for any inconvenience or concern this might cause. Ensuring your digital safety remains at the forefront of our efforts, and we are unwavering in our commitment to safeguard your trust.
Thank you for your patience and understanding. We will keep you updated as we learn more.
Best regards, Free Download Manager team.
Update: Our investigation has shown that the hackers exploited a vulnerability in a script on our site to introduce a malicious file they used to change the https://www.freedownloadmanager.org/download-fdm-for-linux.htm page.
To investigate this problem, we accessed data from our project backups dating back to 2020 and found this modified page, which contained an algorithm that chose whether give users correct download link or the one leading to the fake domain deb.fdmpkg.org containing a malicious .deb file. It had an «exception list» of IP addresses from various subnets, including those associated with Bing and Google. Visitors from these IP addresses were always given the correct download link.
We’re truly sorry about what happened, and we again ask our users who downloaded FDM for Linux within 2020-2022 to check their computers for malware. Also we want to reassure all our Windows and Mac users that for them our website has been safe.
Update 2: We have prepared a bash script that you can use to check the presence of malware in your system.
- Download the linux_malware_check.sh script and give it execute permissions. You can do this by running:
chmod +x linux_malware_check.sh.
- Execute the script by running:
Please note that this script only identifies whether the mentioned potential threats are present on your computer, it does not remove them. If malware is detected, it is highly recommended to reinstall the system.
We once again sincerely apologize for any inconvenience that might have been caused.