JDownloader Website Compromised to Distribute Python RAT via Malicious Installers

The official JDownloader website was compromised to replace its Windows and Linux installers with malicious versions. The Windows payload deploys a Python-based remote access trojan (RAT), granting attackers persistent remote control over infected systems.

JDownloader is a widely-used open-source download manager with a large consumer install base. Anyone who downloaded an installer directly from the official site during the compromise window should treat their system as backdoored. Affected users should remove the software, hunt for unexpected Python processes and persistence entries, and re-download only after confirming the site has been restored to a clean state.

The technique — silently swapping legitimate first-party installers on a project’s own domain — exploits the inherent trust users extend to official distribution channels, bypassing typical supply chain defenses focused on third-party repositories.