Attackers replaced JDownloader installer downloads with malware

ID: d211bdd0-24b9-54ca-9887-a34fd2ed5e5f

STIX ID: report--d211bdd0-24b9-54ca-9887-a34fd2ed5e5f

Feed Name: Malwarebytes Blog

Threat Score: 75/100

Date Published: 2026-05-15

Date Updated: 2026-05-15

JDownloader's official website was compromised on May 6–7, 2026. Attackers exploited an unpatched CMS ACL vulnerability to alter specific installer downloads (the Windows alternative installer and the Linux shell installer) so that they distributed a Python-based RAT. The developers confirmed the breach, took the site down for remediation, restored verified installers by May 8–9, and advised users to check digital signatures and scan their systems. Malwarebytes has blocked domains associated with the RAT.
