Attention – Some Fosshub Downloads Compromised

It’s been quite a while since I’ve used Fosshub, but for those who do, it might be a good idea to avoid it for a while.

Some software programs on Fosshub, a free project hosting service, appear to be compromised and serve malware payloads. Fosshub is a popular file hosting service that software projects such as Classic Shell, qBittorrent, Audacity, MKVToolNix, and others use as their primary file download service.

Basically, what these projects do is link either directly to download files hosted by Fosshub, or link to a download page for their programs on Fosshub.

A thread started on August 2 on the Classic Shell forum by a new user indicated that the user’s computer would not boot Windows anymore after installing the application.

fosshub classic shell infected

The message displayed reads:

AS YOU REBOOT, YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR !
IT IS A SAD THING YOUR ADVENTURES HAVE ENDED HERE!
DIRECT ALL HATE TO PEGGLECREW (@CULTOFRAZER ON TWITTER)

Other users replied stating that they too were experiencing issues. The malware payload included in the software installer overwrites the Master Boot Record of the operating system. Systems won’t boot anymore because of it.

Windows users may correct the issue using a Windows Repair disc, a third-party solution like TestDisk, or backups if they have been created previously.

If you can boot into recovery mode, running the commands bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd may also fix the issue.

It appears that the payload will overwrite only the Master Boot Record of the operating system. While that is still a nuisance, it is better than having to deal with malware that encrypts, deletes, steals or modifies data on the PC.

It is highly suggested to avoid downloading files from Fosshub for the time being until the issue is corrected on their end. It appears that at least some files are still infected at the time of writing.

Most projects support download mirrors that you may use instead. It is still suggested to verify the downloads on Virustotal before you execute them just to be on the safe side.

Link to Original Content

Tags: , , ,

Comments are closed.