Does anyone know what's up with that? Couldn't find anything via Google. Seems really fishy to me.
Edit: Got the official explanation from the dev on Reddit:
AutoClick Feature of JDownloader works as following. Open the browser and wait few seconds, then take screenshot and search for the Recaptcha click area and auto click on it. Screenshot is needed so JDownloader knows where to click. You can disable this feature, see https://support.jdownloader.org/de/knowledgebase/article/jd-opens-my-browser-to-display-captchas
On Linux, JDownloader creates screenshot to find out the color of tray area so it can try to find it's tray icon and calculate the correct background color for transparency. You see the JDownloader icon having white background. You can disable this via Settings->Advanced Settings->Tray.gnometrayicontransparentenabled
Router is my own and up to date. JDownloader is installed via flatpak, which I thought I could trust. Thanks to flatpak it also doesn't have the ability to see anything else from my system.
that does not say its dns settings are as you set them. if you use a default or weak password for your routers config page, an attacker could change its setting from the outside via dns rebinding, then scanning your net, finding your router, trying passwords and when succesfull changing firewall rules or change dns settings to make your programs check the attackers repository proxies instead of their vendor ones.
dns rebind: https://www.packetlabs.net/posts/what-are-dns-rebinding-attacks/
so better check its dns settings, that it likely is pushing to dhcp clients, too.
jdownloader could theoretically also got hacked by a site you were downloading from. maybe having a complete list of what you downloaded and check those again but using source provided (and signed?) hashes could reveal something fishy.
maybe (if thats possible there) make a memory/debug dump from the process in that condition and ask the vendor to look at it.
maybe check your downloaders binary hashes and compare it to the vendors signed ones.
from the actual official site it seems it doesn't list a flatpak source, so it might be uploaded by someone else who injected their own modifications
Flathub downloads from the official site: https://github.com/flathub/org.jdownloader.JDownloader/blob/master/org.jdownloader.JDownloader.yaml
It is unverified from the flathub page, and https://jdownloader.org/.well-known/org.flathub.VerifiedApps.txt does not point to a GUID. This is not a first party upload.
Yeah, but doesn't flathub use the scripts in their git repository to build the flatpak? That way we can verify that everything comes from the official source without having to rely on those scripts being supplied by someone officially.