
Compromised Installer Found Prior to May 5th
Hey all, I’ve got an installer that I downloaded on April 14th. Upon checking the signature, it’s signed by ZIPLINE TECH LLC., and the details cite the Copyright to 2010-2024 Water Team. The file is named JDownloader_739510.exe and is 29,397,392 bytes.
This is outside of the reported compromise window, but the signature and copyright line up with what is being reported as compromised. Can anyone else confirm this? I have the URL it was downloaded from as well. It’s an Amazonaws.com server, but I can provide the full link if necessary. Can I get verification that this installer is safe? As of now my machine is off the network until I can verify.
Thanks!!
ETA: The SHA256 hash is 650894b47e1b46a74d4de9d7574fb19b032541e3
E2: I found this comment with a similar experience to mine that occurred on April 28th; the icon for my installer shows the 7Z logo as well. https://www.reddit.com/r/jdownloader/s/N7luXx36km
E3: This may be a false alarm; this post from February raises the same questions. https://www.reddit.com/r/jdownloader/s/kpf5SNcAsa
If that’s the case, unfortunately BleepingComputer quoted the original Reddit post which contained misinformation, which in turn caused other news outlets to report the same. (Ctrl-F “Zip” or “Water” to find the respective section, though it’s just a direct quote of the original Reddit thread) https://www.bleepingcomputer.com/news/security/jdownloader-site-hacked-to-replace-installers-with-python-rat-malware/
Going to sleep now, 4:30 am and I’ve been scrambling to fix my pc for two hours now. Hoping to wake up to good news!