Does anyone know what’s up with that? Couldn’t find anything via Google. Seems really fishy to me.

Edit: Got the official explanation from the dev on Reddit:

AutoClick Feature of JDownloader works as follows. Open the browser and wait a few seconds, then take a screenshot and search for the Recaptcha click area and auto click on it. Screenshot is needed so JDownloader knows where to click. You can disable this feature, see https://support.jdownloader.org/de/knowledgebase/article/jd-opens-my-browser-to-display-captchas

On Linux, JDownloader creates a screenshot to find out the color of the tray area so it can try to find its tray icon and calculate the correct background color for transparency. You see the JDownloader icon having white background. You can disable this via Settings->Advanced Settings->Tray.gnometrayicontransparentenabled

  • smb@lemmy.ml
    19 hours ago

    you … installed the JackassDownloader !!!

    maybe check your router's and pc's dns settings, if you have a router from your provider, maybe it's outdated as hell and jdownloader's updater got redirected by someone who hijacked it?

    • aceslip@lemmy.zip
      19 hours ago

      This is off topic to OP, but can you please elaborate on Jackass downloader comment? I’ve been using jD2 for literal years now and have yet to find an alternative that works as well, especially for a large amount of link crawls from a single clipboard. What is the issue with it, and what would your suggested alternative be?

      • smb@lemmy.ml
        5 hours ago

        the jackass addition was a joke from my side as it fits the j in front and the situation presented perfectly, no matter if the original app did so or if it was hijacked somehow.

        however i used to use a separate downloader a very long time ago, when downloading i.e. an iso image for a new foss os took just too long, could be interrupted by time-to-go-to-bed or anything else.

        one day i learned about another downloader to be spying. at that time the downloaders in good browsers did what i needed and i turned completely away from separate downloaders as using more products always increases the attack surface and i didn't need such any longer.

        for crawling i guess there are better tools than a downloader that needs to be fed by clipboard.

        for downloading a lot of files in parallel from a list, i would personally use a quickly coded script (download link from parameters using wget or on failure append the link to a failed-list) and then use something like:

        cat list | xargs --some-parameters ./dl-script.sh

        so that i could set limits of parallel downloads using the xargs parameters while not needing any extra software and being able to redownload the failed ones by just renaming the list's filename and running the command again.

        wget seems to support resume too, so i'd try it that way but i never needed to.

        if you need the resume feature or download a lot on a daily basis, want adjustable speed limits by few clicks etc. a specialized downloader application is probably a better way to go and usually has a gui if you need that, but i have no need for downloaders and thus cannot recommend any except for quick use of wget and xargs maybe ;-)

        in general however i have ‘learned’ to try to prevent the use of products of specific programming languages which i had often more problems with than with others. it's perl, ruby and java programs i try to prevent to use whenever possible. but that is based on personal experience like with ruby programs often basics (like turn on logging to find the problem didn't even log a single line not even in its debug mode) that are needed to at least administrate such programs were missing, bad or unhandy like java's log4j's default log rotation was horrible to use when forwarding logs and log4j was another thing by itself. However that's personal preference to not use programs coded in these languages. same as with not using that one os vendor's programs that are always in the news since decades with every week or so yet another 100% preventable security issue ;-) i just don't like such.
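The wget-plus-xargs approach described in the comment above, written out as an added example (not the commenter's script). The `FETCH` override, the `.failed`/`.retry` file names and the function names are assumptions of this example; the `--` keeps a list line that starts with `-` from being read as a wget option.

```shell
#!/bin/sh
# Added example: download every URL in a list, a few at a time, and collect
# the ones that fail so the list can be fed back in later.

dl_list() {
    list=$1
    jobs=${2:-4}                      # parallel downloads (xargs -P)
    FAILED="$list.failed"
    FETCH=${FETCH:-wget -c -q}        # -c resumes partial files, -q is quiet
    export FAILED FETCH
    : > "$FAILED"                     # start with an empty failed-list
    # One URL per invocation; "--" ends option parsing so a line such as
    # "-O/some/path" in the list is treated as a URL, not as a flag.
    xargs -n 1 -P "$jobs" sh -c '
        $FETCH -- "$1" || printf "%s\n" "$1" >> "$FAILED"
    ' _ < "$list"
}

retry_failed() {
    # Rename the failed-list and run it through dl_list again.
    list=$1
    [ -s "$list.failed" ] || return 0   # nothing failed, nothing to do
    mv "$list.failed" "$list.retry"
    dl_list "$list.retry" "${2:-4}"
}

# Usage: dl_list urls.txt 4 ; retry_failed urls.txt 4
```

xargs applies its own quote and backslash handling to input lines, so URLs containing those characters need percent-encoding in the list first.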

      • olicvb@lemmy.ca
        18 hours ago

        JD2 is fine, nothing wrong with it. smb meant that op might have gotten his installation hijacked by an attack, essentially replacing his legit install with malware.

    • Björn Tantau@swg-empire.deOP
      19 hours ago

      Router is my own and up to date. JDownloader is installed via flatpak, which I thought I could trust. Thanks to flatpak it also doesn’t have the ability to see anything else from my system.

      • smb@lemmy.ml
        4 hours ago

        Router is my own and up to date.

        that does not say its dns settings are as you set them. if you use a default or weak password for your router's config page, an attacker could change its setting from the outside via dns rebinding, then scanning your net, finding your router, trying passwords and when successful changing firewall rules or change dns settings to make your programs check the attacker's repository proxies instead of their vendor ones.

        dns rebind: https://www.packetlabs.net/posts/what-are-dns-rebinding-attacks/

        so better check its dns settings, that it likely is pushing to dhcp clients, too.

        Thanks to flatpak it also doesn’t have the ability to see anything else from my system.

        it at least seems to ask for seeing way more…

        jdownloader could theoretically also have gotten hacked by a site you were downloading from. maybe having a complete list of what you downloaded and check those again but using source provided (and signed?) hashes could reveal something fishy.

        maybe (if that's possible there) make a memory/debug dump from the process in that condition and ask the vendor to look at it.

        maybe check your downloader's binary hashes and compare them to the vendor's signed ones.
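Whether the Flatpak sandbox actually keeps an app from seeing the rest of the system depends on the permissions its package declares, which can be listed and checked. The following is an added example, not from any commenter or from the JDownloader project: it reads the output of `flatpak info --show-permissions` and flags grants that allow screen capture or broad file access. The function names and sample metadata are constructed for illustration, and the app id is left as a placeholder.

```shell
#!/bin/sh
# Added example. Reads `flatpak info --show-permissions <app-id>` output
# (keyfile format) on stdin and prints one WARN line per broad grant.

audit_flatpak_perms() {
    awk -F= '
        /^\[/ { section = $0; next }            # remember current [Section]
        section == "[Context]" && NF >= 2 {
            n = split($2, vals, ";")
            for (i = 1; i <= n; i++) {
                v = vals[i]
                sub(/:.*/, "", v)               # drop :ro / :rw / :create suffix
                if (v == "") continue
                if ($1 == "sockets" && (v == "x11" || v == "fallback-x11"))
                    print "WARN sockets=" v ": X11 clients can capture other windows and input"
                if ($1 == "filesystems" && (v == "host" || v == "home"))
                    print "WARN filesystems=" v ": broad access to user files"
                if ($1 == "devices" && v == "all")
                    print "WARN devices=all: all device nodes exposed"
            }
        }
        section == "[Session Bus Policy]" && $1 == "org.freedesktop.Flatpak" {
            print "WARN talk to org.freedesktop.Flatpak: can start processes on the host"
        }
    '
}

# Constructed sample metadata, not the real permissions of any package.
sample_metadata() {
    cat <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF
}

# Live use (app id is a placeholder):
#   flatpak info --show-permissions <app-id> | audit_flatpak_perms
sample_metadata | audit_flatpak_perms
```

`flatpak info <app-id>` also prints the Origin remote the package was installed from, which is the field to compare against the vendor's own download page.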

      • bountygiver [any]@lemmy.ml
        13 hours ago

        from the actual official site it seems it doesn’t list a flatpak source, so it might be uploaded by someone else who injected their own modifications