Threat actors compromised the “freedownloadmanager[.]org” website in January 2020 to redirect to another domain with a malicious Debian package that eventually resulted in the delivery of the crond backdoor and the Bash information-stealing malware, which sought to exfiltrate cloud service credentials, system information, cryptocurrency wallet files, and saved passwords, according to a Kaspersky report.
Detection of the now inactive campaign has been hampered by the absence of the Debian package in some of the targets that downloaded the software.
“While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye. Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions,” said researchers.