incident
JDownloader Supply-Chain Attack Deploys r77 Rootkit and WDAC Policy to Disable AntivirusJDownloader Supply-Chain Attack with r77 Rootkit and WDAC Policy
Attackers compromised the official JDownloader website and replaced download links with trojanized installers. The malicious installer deploys a Python bot, an r77 rootkit, and a WDAC policy that blocks 50 security executables from running, effectively killing antivirus protection. The attack uses dead-drop resolvers for resilient C2 communication.