The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.

The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows “Download Alternative Installer” links or the Linux shell installer.

According to the developers, the attackers modified the website’s download links to point to malicious third-party payloads rather than legitimate installers.