
JDownloader site hacked to replace installers with Python RAT malware

Why This Matters

The hacking of the JDownloader website highlights the ongoing risk of supply chain attacks, in which malicious actors compromise trusted software sources to distribute malware. This incident underscores the need for users and developers to remain vigilant about software integrity and for robust security measures in software distribution channels. Such breaches can lead to widespread malware infections, affecting millions of users worldwide.

Key Takeaways

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.

The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows "Download Alternative Installer" links or the Linux shell installer.

According to the developers, the attackers modified the website's download links to point to malicious third-party payloads rather than legitimate installers.

JDownloader is a widely used free download management application that supports automated downloads from file-hosting services, video sites, and premium link generators. The software has been available for more than a decade and is used by millions worldwide across Windows, Linux, and macOS.

The JDownloader supply chain attack

The compromise was first reported on Reddit by a user named "PrinceOfNightSky," who noticed that downloaded installers were being flagged by Microsoft Defender.

"I been using Jdownloader and switched to a new PC a few weeks ago. Luckily I had the installer in a usb drive but decided to download the latest version," posted PrinceOfNightSky to Reddit.

"The website is official but all the Exes for windows are being reported as malicious software by windows and the developer is being listed as 'Zipline LLC.' And other times it's saying 'The Water Team' The software is obviously by Appwork and I have to manually unblock it from windows to run it which I will not do."

The JDownloader developers later confirmed that the site had been compromised and took the website offline to investigate the incident.

In an incident report, the devs said their website was compromised by attackers exploiting an unpatched vulnerability that allowed them to change website access control lists and content without authentication.
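
The publisher mismatch the Reddit user noticed, together with the May 6 to May 7, 2026 exposure window, can be checked on a Windows host with a short triage script. This is an added example, not code from the JDownloader developers or the original article; the scanned folder, the `*JDownloader*.exe` file-name pattern and matching the legitimate publisher by the substring "AppWork" are assumptions to adjust.

```powershell
# Added example: triage JDownloader installers on a Windows host by Authenticode signer.
# Assumptions (not from the article): the folder to scan, the *JDownloader*.exe name
# pattern, and matching the legitimate publisher by the substring "AppWork".
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),
    [string]$ExpectedPublisher = 'AppWork'
)

# Publisher names reported for the flagged installers in the Reddit post quoted above.
$ReportedBadPublishers = @('Zipline LLC', 'The Water Team')

# Exposure window given in the article (local time, all of May 7 included).
$WindowStart = Get-Date '2026-05-06T00:00:00'
$WindowEnd   = Get-Date '2026-05-08T00:00:00'

function Get-InstallerVerdict {
    param([System.IO.FileInfo]$File)

    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    # On the download volume, CreationTime is when the file was written to disk.
    $inWindow = ($File.CreationTime -ge $WindowStart -and $File.CreationTime -lt $WindowEnd)

    # Check the reported names first: a malicious installer can carry a valid signature.
    $verdict = 'OK'
    if ($ReportedBadPublishers | Where-Object { $subject -like "*$($_)*" }) {
        $verdict = 'SUSPECT: publisher reported in this incident'
    } elseif ($sig.Status -ne 'Valid') {
        $verdict = 'SUSPECT: unsigned or invalid signature'
    } elseif ($subject -notlike "*$ExpectedPublisher*") {
        $verdict = 'SUSPECT: unexpected publisher'
    }

    [pscustomobject]@{
        File     = $File.Name
        Created  = $File.CreationTime
        InWindow = $inWindow
        Status   = $sig.Status
        Signer   = $subject
        Verdict  = $verdict
    }
}

Get-ChildItem -LiteralPath $Folder -Filter '*JDownloader*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-InstallerVerdict -File $_ } |
    Format-Table -AutoSize -Wrap
```

A file with `InWindow` true and any `SUSPECT` verdict is the combination to escalate; the script does not cover the Linux shell installer.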
