FDM said its investigation uncovered a vulnerability in a script on its site that the hackers exploited to tamper with the download page and lead the site visitors to the fake domain deb.fdmpkg[.]org hosting the malicious .deb file.