
JDownloader website hit by network compromise

Incident
First reported
Last updated
Happening score: 9
1 unique source, 1 article

Summary


The JDownloader website suffered a supply-chain compromise that replaced official Windows and Linux installer links with malicious payloads, putting users who downloaded them at risk of malware infection. The affected downloads were distributed between May 6 and May 7, 2026, and the Windows payload was found deploying a Python-based remote access trojan. The compromise affected only the alternative installer paths, but it still created a direct path from the official site to malware delivery. Users who ran the trojanized installers were advised to reinstall systems and reset passwords because of possible credential exposure.

Related Happenings

Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

About this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...

ClockRemoval.ps1 antivirus-disabling malware activity linked to Dragon Boss Solutions LLC

Malware Activity
First: 15.04.2026 17:40 Last: 15.04.2026 17:40 Sources 1

About this happening: A signed software operation linked to **Dragon Boss Solutions LLC** was observed using **ClockRemoval.ps1** to disable antivirus on **more than 23,000 endpoints worldwide**, raisi...

Fake Claude PlugX phishing campaign

Campaign
First: 13.04.2026 12:52 Last: 13.04.2026 12:52 Sources 1

About this happening: A **February** phishing campaign used a **fake Claude website** and **fake meeting invitations** to deliver **PlugX** malware to recipients, turning a popular AI brand into a malw...

Latest development: 07.05.2026 13:02

A fake Claude AI site at claude-pro[.]com distributed Claude-Pro-windows-x64.zip, which drops NOVupdate.exe, NOVupdate.exe.dat, and avk.dll to sideload DonutLoader and load the Beagle backdoor on Windows. The backdoor uses license[.]claude-pro[.]com for command-and-control over TCP 443 and/or UDP 8080, and related Beagle samples were submitted to VirusTotal between February and April this year.

Vanilla Tempest late-September Microsoft Teams malvertising campaign

Campaign
First: 16.10.2025 19:58 Last: 16.10.2025 19:58 Sources 1

About this happening: The **late September 2025** **Vanilla Tempest** campaign used **SEO poisoning** and **malvertising** to push fake **Microsoft Teams** installers, including **MSTeamsSetup.exe**, t...

Latest development: 20.10.2025 13:00

Microsoft Threat Intelligence revoked over 200 certificates fraudulently signed by Vanilla Tempest and used in fake MS Teams setup files to deliver the Oyster backdoor and Rhysida ransomware. Microsoft also said the group used Trusted Signing, SSL[.]com, DigiCert, and GlobalSign to sign fake installers and post-compromise tools, and that fully enabled Microsoft Defender Antivirus blocks this threat.

Timeline

  1. 09.05.2026 22:27 · 2 articles

    JDownloader website compromise disclosed after malicious installer swap

    Initial Disclosure

    JDownloader developers disclosed that the official website had been compromised and that Windows Download Alternative Installer links and the Linux shell installer were replaced with malicious payloads affecting downloads made between May 6 and May 7, 2026. The team took the site offline to investigate, said in-app updates, macOS downloads, Flatpak, Winget, Snap packages, and the main JDownloader JAR package were unchanged, and advised users to verify installer digital signatures from AppWork GmbH before running files.
