We just found out that our primary hosting site fosshub.com has been attacked by some hackers who modified the installation files of popular software to distribute viruses (more information available for example here)
Good news first: The JabRef downloads are currently NOT affected by this attack.
I.e., if you have recently downloaded JabRef from fosshub.com and the installation has succeeded everything should be fine.
However, as a precaution we have removed the link to fosshub.com from our website and now link directly to the GitHub release page: https://github.com/JabRef/jabref/releases/tag/v3.5
Another safe download mirror can be found here: https://sourceforge.net/projects/jabref/files/v3.5/
In order to be sure that an already downloaded file is not compromised you can use the following hashes:
JabRef Windows Installer (64 bit) - 25.13 MB | version: 3.5 MD5: fdf4fa0e33019b2882c39e2066c65fb5 SHA1: 8709f73a4204b882fec7ef6b9877774708a13f8d SHA256: 9438a6762db4e4504793d5a1dd05a18f7772fbe0d77c06eaeb83e4b80bd5922c JabRef Platform independent runnable JAR - 23.83 MB | version: 3.5 MD5: c63caa885622c9057c6e926ffc0ed132 SHA1: e6892ad307947429311db8db452b607ce3e2b0af SHA256: b5a9148008005f7ba081614693275d6b9226875286e99cda47d2648c583708a7 JabRef Mac OS X - 24.46 MB | version: 3.5 MD5: ffd9845d1d3769324ec371e6cd515957 SHA1: da1fcdebcc70658fe0ecd7827e2a8f88855392b5 SHA256: fea9b90668c94c31e18c0a6593adacb84e1247aa4f937ddeb8719deb2a900e4c JabRef Windows Installer (32 bit) - 25.04 MB | version: 3.5 MD5: a3765d5568b88bdb9197725f04d7a15e SHA1: 0d7593fbca6dbb8270ca9fc2674159a3477be9c0 SHA256: 1f891a7c539844594fb50aab073db1d8c5d55a9d52fbcf669546f82d82da1469
Or you can upload the file at https://www.virustotal.com where it is checked by more than 50 different virus scanning tools.