Free Download Manager releases script to check for Linux malware
The developers of Free Download Manager (FDM) have published a script to check if Linux devices have been infected through a recently reported supply chain attack.
Free Download Manager is a popular cross-platform download manager that offers torrent downloading, proxies, and online video downloads through a user-friendly interface.
Kaspersky revealed that the project's website was compromised at some point in 2020, redirecting a portion of Linux users who tried to download the software to a malicious website.
This website delivered a trojanized FDM installer for Linux. The installer dropped a Bash information stealer and a backdoor that established a reverse shell from the attacker's server.
Although many users reported strange behavior after installing the malicious installer, the infection remained undetected for three years until Kaspersky's report was published.
Free Download Manager Response
As the issue gained traction, FDM investigated and discovered that reports from Kaspersky and other companies about its website being compromised had been ignored due to errors in its contact system.
The security notice on the FDM site explains: “It appears that a specific web page on our website has been compromised by a group of Ukrainian hackers, exploiting it to distribute malware.”
“Only a small group of users, especially those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed.”
“Interestingly, this vulnerability was accidentally resolved during a routine website update in 2022.”
The developers say the site was compromised through a website vulnerability, which allowed attackers to inject malicious code that altered the download page for a small percentage of visitors.
Today, FDM released a script that will scan Linux computers to check if they are infected with information-stealing malware from this campaign.
The script is available from here and running it is a two-step process from the terminal:
chmod +x linux_malware_check.sh
./linux_malware_check.sh
Users should note that the scanning script only determines whether the malware is installed by looking for the presence of certain files on the system; it does not remove them.
Therefore, if the scanner finds anything, users must manually remove the malware or use additional security tools to locate and remove the malware files.
FDM's recommended action is to reinstall the system.
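A presence-only check of the kind described above can be sketched as follows. This is an added example, not FDM's script: the function names, the list format (one absolute path per line, `#` for comments) and every path in it are placeholders constructed for illustration, not real indicators from this campaign.

```sh
#!/bin/sh
# Presence-only indicator check: reports which listed paths exist and never
# modifies the scanned tree. List format and all paths are assumptions of
# this example, not taken from FDM's script.

# check_indicators LIST_FILE [ROOT]
#   Prints "FOUND <path>" per hit. Returns 0 = no hits, 1 = hits, 2 = bad input.
check_indicators() {
    list=$1
    root=${2:-}    # optional prefix, e.g. a mounted copy of the suspect disk
    hits=0
    [ -r "$list" ] || { echo "cannot read indicator list: $list" >&2; return 2; }
    while IFS= read -r path || [ -n "$path" ]; do
        case $path in
            ''|'#'*) continue ;;    # skip blank lines and comments
            /*) ;;                  # accept absolute paths only
            *) echo "skipping non-absolute entry: $path" >&2; continue ;;
        esac
        target=$root$path
        # -e follows symlinks, so also test -L to catch dangling links
        if [ -e "$target" ] || [ -L "$target" ]; then
            echo "FOUND $target"
            hits=$((hits + 1))
        fi
    done < "$list"
    [ "$hits" -eq 0 ]
}

# Demo on a constructed tree with placeholder paths (one regular file, one
# dangling symlink, one absent entry). Only the demo's own temp dir is removed.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/root/etc/cron.d" "$tmp/root/var/tmp"
    : > "$tmp/root/etc/cron.d/placeholder-job"
    ln -s /nonexistent "$tmp/root/var/tmp/placeholder-link"
    printf '%s\n' '# constructed list' /etc/cron.d/placeholder-job \
        /var/tmp/placeholder-link /var/tmp/placeholder-absent > "$tmp/list"
    rc=0
    check_indicators "$tmp/list" "$tmp/root" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A non-zero exit status lets the check be scripted across many hosts, and the optional root prefix allows scanning a mounted disk copy instead of the live system.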