Does anyone know what's up with that? Couldn't find anything via Google. Seems really fishy to me.
Edit: Got the official explanation from the dev on Reddit:
AutoClick Feature of JDownloader works as following. Open the browser and wait few seconds, then take screenshot and search for the Recaptcha click area and auto click on it. Screenshot is needed so JDownloader knows where to click. You can disable this feature, see https://support.jdownloader.org/de/knowledgebase/article/jd-opens-my-browser-to-display-captchas
On Linux, JDownloader creates screenshot to find out the color of tray area so it can try to find it's tray icon and calculate the correct background color for transparency. You see the JDownloader icon having white background. You can disable this via Settings->Advanced Settings->Tray.gnometrayicontransparentenabled
that does not say its dns settings are as you set them. if you use a default or weak password for your routers config page, an attacker could change its setting from the outside via dns rebinding, then scanning your net, finding your router, trying passwords and when succesfull changing firewall rules or change dns settings to make your programs check the attackers repository proxies instead of their vendor ones.
dns rebind: https://www.packetlabs.net/posts/what-are-dns-rebinding-attacks/
so better check its dns settings, that it likely is pushing to dhcp clients, too.
jdownloader could theoretically also got hacked by a site you were downloading from. maybe having a complete list of what you downloaded and check those again but using source provided (and signed?) hashes could reveal something fishy.
maybe (if thats possible there) make a memory/debug dump from the process in that condition and ask the vendor to look at it.
maybe check your downloaders binary hashes and compare it to the vendors signed ones.