JDownloader Site Hacked to Distribute Python RAT Malware to Users
The website for JDownloader, a popular download manager, was compromised to distribute malicious installers for Windows and Linux. The attack, which occurred between May 6 and May 7, 2026, involved altering download links on the official site to point to malicious payloads. The Windows payload deployed a Python-based remote access trojan (RAT). The breach was first reported by a Reddit user who noticed that the installers were flagged as malicious by Microsoft Defender. The JDownloader developers confirmed the compromise, stating that attackers exploited an unpatched vulnerability in the website's content management system. This allowed them to change access control lists and content without authentication. The attack affected only the alternative Windows installer and the Linux shell installer links, while other download methods remained secure. Users are advised to verify the legitimacy of installers by checking digital signatures and to reinstall their operating systems if they executed the compromised ... 
