Researchers discovered that a download site served #Linux users #malware for over 3 years, stealing passwords and sensitive information. The malicious version of the Linux app, Free Download Manager, was served through domain deb.fdmpkg[.]org. The malware collected system information, browsing history, passwords, and credentials for cloud services before uploading the data to the attackers' infrastructure.

https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/