For over three years, a download site secretly served Linux users malware that stole sensitive information, including passwords and cryptocurrency wallet files. The site, freedownloadmanager[.]org, intermittently redirected users to a malicious domain that offered a compromised version of the Free Download Manager app. The malware went undetected until 2022, highlighting the difficulty of spotting cyber attacks on Linux machines. The researchers suspect a supply chain attack and have provided file hashes and domain and IP addresses for users to check if they’ve been targeted.