FossHub apparently hacked, ClassicShell installer kills the MBR


3 replies to this topic

#1 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 02 August 2016 - 09:33 PM

Stumbled upon this while browsing /g/. The ClassicShell on FossHub is infected (was swapped) and will kill the MBR. FossHub could have been breached, so I would hold off on downloading software from there for now.

http://www.classicshell.net/forum/viewtopic.php?f=12&t=6434

Edit: Culprit confirmed. They even liked my tweet.

https://twitter.com/CultOfRazer?s=09

They report having swapped the Audacity installer too.

Edited by Aura, 02 August 2016 - 09:51 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




#2 Aura


    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,697 posts

Posted 03 August 2016 - 09:23 AM

Article on Softpedia: http://news.softpedia.com/news/hacker-compromises-fosshub-to-distribute-mbr-hijacking-malware-506932.shtml

One of my tweets was included, where the culprit admits to having compromised Audacity and an admin email as well.



#3 bwv848


    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,029 posts

Posted 06 August 2016 - 09:02 AM

Did you see danooct1's video on it? Really cool to see new MBR malware today...

https://m.youtube.com/watch?v=DD9CvHVU7B4

If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#4 cheb


  • Members
  • 61 posts

Posted 19 August 2016 - 11:20 AM

sigh.

I use classicshell.net win8 startmenu.

facepalm

:smash:





