FossHub served some downloads with malware after hack


FossHub, a site that hosts downloads of free and open source software (FOSS), was compromised for some time. As a result, some Windows installation files of popular applications were replaced by malicious software that overwrites the master boot record (MBR). FossHub is currently offline.

FossHub has not yet released a statement, but at the moment the website is offline and no more files can be downloaded. Several programs, including at least Classic Shell and the audio editing program Audacity, were served with malicious content before the website went offline. The payload caused the MBR of the hard disk to be overwritten. It doesn’t look like the malware does anything other than overwrite the MBR. That’s annoying, but solvable.

The first report of strange behavior appeared on the Classic Shell forum. During installation, the affected forum user was shown a warning that the file came from an untrusted source. The user installed Classic Shell anyway, and after a reboot he landed directly in the BIOS. Not much later, reports about Audacity and possibly other applications also appeared on Reddit.

After the MBR has been overwritten, it is no longer possible to boot normally. Exactly how the hackers were able to gain access to FossHub is not entirely clear. The hacker group Cult of Peggle does say in a tweet that it temporarily had full control of FossHub and that it also had access to the admin’s email.

Many open source projects do not serve downloads of their applications through their own servers. These projects often point to file-hosting sites, such as SourceForge or FossHub. For example, Audacity links directly to the files on FossHub from its download page.

Source: Ghacks.net
