Top download manager JDownloader hacked — installers replaced with dangerous malware

• Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware‑laden versions between May 6–7, 2026
• The poisoned installers deployed a Python‑based RAT via a loader, while other distribution channels (macOS, JAR, Snap, etc.) remained safe
• AppWork advises verifying digital signatures (“AppWork GmbH”) to avoid tampered builds; the site has since been secured

Popular download manager JDownloader recently had its website hacked and hijacked to deploy malware to Windows and Linux users.

As explained by owner AppWork, unidentified attackers found a vulnerability in the website’s content management system (CMS), and used it to swap out the download links for a pair of variants:

"Changes were made through the website's content management system, affecting published pages and links," AppWork said in its incident report. "The attacker did not gain access to the underlying server stack — in particular no access to ...