JDownloader website hacked to serve malware via Windows and Linux installers
JDownloader’s official website was breached and used to distribute malware through installer downloads for over a day before the issue was confirmed. Attackers exploited an unpatched website vulnerability, gaining the ability to alter access control settings and modify download links. This allowed them to replace all alternative Windows installer links with malicious unsigned executables, marked by the unusual publisher “Zipline LLC” rather than the expected “AppWork.”
On Linux, the shell installer was also swapped for a version containing malicious shell code. However, following user reports and Windows SmartScreen warnings, the team responded by taking the website offline while conducting a full investigation. The breach did not affect the main JDownloader.jar file or macOS installers. Packages released via WinGet, Flatpak, and Snap, as well as in-app updates, remained safe due to independent infrastructure and signature protections. Some users who ran the compromised installers experienced malware that allegedly disabled Windows Defender.
The incident fits a supply chain style attack because it abused JDownloader’s reputation and website traffic to spread malware directly to end users, echoing another recent attack where CPUID website was compromises by hackers that used the official site behind CPU-Z and HWMonitor to distribute a suspicious installer.
- Download Manager
- Free
- Proprietary
External links
- JDownloader — Website installer incident (May 2026)JDownloader • Official source
- JDownloader site hacked to replace installers with Python RAT malwareBleeping Computer
- If you downloaded this popular software recently, you might have installed malwareNeowin
- JDownloader developers confirm site hack, warn of malicious Windows and Linux installersPiunikaWeb
Comments
no one should be using jdownloader anyway, it fills windows with more bloatware and it has no real advantage over any other download manager inexistance.
I think you have had a significantly different experience with JDownloader that I have had. I have used JDownloader for years. I would like to emphasize, that statement is not from the usual internet practice of over-exaggeration, but an honest reflection of my experience. I have never had any bad experience from JDownloader, but from me being an idiot and not being vigilant on the internet. Besides who have claimed that JDownloader have any "advantage"? No download manager have an inherent advantage, since they are all performing the same task. The reason I prefer JDownloader, over alternatives, is that I can FULLY customize my workflow, and how I implement it. Fx; I have several proxy sets, that I implement based on the location, of the data that I am downloading. Which gives me multiple potential vectors, to retrieve the data, and therefore achieving a "faster" download of all the data.