[Malware Warning] Do Not Download/Install/Update software from Fosshub

Melody

    Source: https://www.reddit.com/r/pcmasterrace/comments/4vw21h/massive_psa_do_not_download_classic_shell_read/

    Users of the program Classic Shell (for Windows 8/8.1/10) and Audacity (free Windows audio editor) should not attempt to download a new version of their software, as Fosshub, a prominent hosting website for these software downloads, has been breached by a hacker crew calling themselves "Pegglecrew".

    More source comments that may be helpful:
    https://www.reddit.com/r/pcmasterra...sa_do_not_download_classic_shell_read/d624vwf
    Classic Shell itself wasn't compromised. FossHub was, and some download links were replaced by another program, not signed, that does only one thing: overwrite the MBR. It's not an infected version of Classic Shell, Audacity or whatever, it's only a small program that targets your MBR. If at the end of the installation process nothing happens besides a short cmd window, then you have downloaded the malware.
    Oh and MBR can be fixed. On ClassicShell forum someone used TestDisk: https://www.classicshell.net/forum/viewtopic.php?f=12&t=6434#p27967

    https://www.reddit.com/r/pcmasterra...sa_do_not_download_classic_shell_read/d61w40i
    The official download for Classic Shell has been compromised; the program will overwrite your MBR.
    I fixed the issue using GParted; it was on a fresh install of Windows 10, so no data loss.
    The GNOME Partition Editor will fix the issue and your data should still be intact.
    This MBR malware also seems to destroy Windows USB repair drives, as seen here on my test PC:
    https://twitter.com/CultOfRazer/status/760563322500636672 I also talked a bit with 1 member of the group responsible for this.
    Classic Shell thread https://www.classicshell.net/forum/viewtopic.php?f=12&t=6434
    danooct1, a malware-reviewing YouTuber, is aware of this: https://prntscr.com/c0xiec
    The creator(s) of this malware are aware of this post https://twitter.com/CultOfRazer/status/760645909545947137
    S̶o̶m̶e̶ ̶p̶e̶o̶p̶l̶e̶ ̶a̶r̶e̶ ̶r̶e̶p̶o̶r̶t̶i̶n̶g̶ ̶t̶h̶e̶i̶r̶ ̶h̶a̶r̶d̶ ̶d̶r̶i̶v̶e̶(̶s̶)̶ ̶a̶r̶e̶ ̶b̶e̶i̶n̶g̶ ̶f̶o̶r̶m̶a̶t̶t̶e̶d̶ ̶i̶f̶ ̶t̶h̶e̶y̶ ̶r̶e̶s̶t̶a̶r̶t̶ ̶a̶ ̶c̶e̶r̶t̶a̶i̶n̶ ̶a̶m̶o̶u̶n̶t̶ ̶o̶f̶ ̶t̶i̶m̶e̶s̶.̶ ̶(̶N̶o̶ ̶P̶r̶o̶o̶f̶)̶
    No hard drives are being formatted but data loss is possible.
    Look out, Audacity users: they have a payload that is meant to do the same damage to Audacity downloads.
    https://prntscr.com/c0xzwh
    Edit: Audacity downloads have been compromised (On FossHub)
    ~12:50 PM - 2 Aug 2016 is the time downloads were officially compromised.
    https://www.youtube.com/watch?v=DD9CvHVU7B4 danooct1 demonstrates the malware.
    And a link on how to fix this:
    https://www.classicshell.net/forum/viewtopic.php?f=12&t=6434&p=28007#p28007
     
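An added example, not part of the thread or of any tool mentioned in it: since the posts above describe a payload that overwrites the MBR, this Python code compares sector 0 against a known-good backup and reports whether only the boot code or also the partition table changed. It assumes a classic MBR-partitioned disk (not GPT) and a 512-byte backup saved beforehand; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the bootstrap code
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, signature check and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):                       # four 16-byte table entries
        entry = sector[BOOT_CODE_LEN + 16 * i:BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                    # type 0x00 marks an unused slot
            partitions.append({"slot": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def compare_to_backup(current, backup):
    """Return findings describing how `current` differs from a known-good backup."""
    cur, ref = parse_mbr(current), parse_mbr(backup)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != ref["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table changed")
    return findings

def _constructed_mbr():
    """Constructed sample: placeholder boot code plus one bootable type-0x07 entry."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x63\x90"
    struct.pack_into("<B3sB3sII", s, BOOT_CODE_LEN,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1024000)
    s[510:512] = SIGNATURE
    return bytes(s)

GOOD = _constructed_mbr()
BOOT_ONLY = b"\x90" * BOOT_CODE_LEN + GOOD[BOOT_CODE_LEN:]   # boot code replaced
WHOLE_SECTOR = b"\x41" * SECTOR_SIZE                         # all 512 bytes replaced

if __name__ == "__main__":
    for name, sector in (("boot-only", BOOT_ONLY), ("whole-sector", WHOLE_SECTOR)):
        print(name, compare_to_backup(sector, GOOD))
```

A "partition table changed" finding means the partition entries themselves need recovering, not just the boot code.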
    I'm glad it's just script kiddies. Better than the crypto virus, for example. In fact, I'd go far enough to say that this was an almost harmless prank. Basically, they tell you what they did. Part props to them, and good job hacking FossHub.


    DISCLAIMER: I don't support viruses, nor think this is the best. Just far better than what it could've been.
     
    I swear, there isn't a single website or program safe out there.

    Luckily for me, I have a whole arsenal of security to keep my PC in top notch shape.
     
    It's harmless to anyone who is clever enough to use a search engine to look up "fix mbr because of virus".
    Most people have smartphones, it wouldn't be too hard. Hell, if I wasn't tech savvy, I would do just that. Same thing if, like, the pipe in my house broke. I'd try to figure it out before spending thousands for a plumber.


    Is it harmless to old people, or people that don't know how to use a search engine? Yeah. But they wouldn't know how to wipe a computer anyway. Besides, old people wouldn't download these applications, most likely. And the non-tech-savvy people who can't search probably don't know what FossHub is.
     
    As usual, it is important to download programs only from their official sources, or from a certified packager. Audacity at least offers alternative, official download sites; these are good for comparing the two versions of the program (even if that means downloading twice), which allows one to more easily suspect if there's anything wrong.

    Sad to see that FossHub got hit with this malware, but good to see they have responded well. And thanks for the notice!
     