The JDownloader team said that its initial investigation confirmed a limited but serious breach. The attackers specifically modified the alternative download page on May 6. They replaced all the alternative Windows installer links with their own malicious, unsigned executables.

The Linux shell installer was also swapped with a version containing malicious shell code. However, the team was quick to reassure users that the main JDownloader.jar file, macOS installers, and packages from repositories like Winget, Flatpak, and Snap were never compromised. Those packages rely on separate infrastructure secured with checksums, and in-app updates are protected by end-to-end digital signatures.