Fosshub breached - Files left infected
#1
Hey ub!

Some Fosshub (a free project sharing host) projects seem to have been compromised and now serve infected files.
Projects like Audacity, Classic Shell, qBitTorrent and many more are hosted on Fosshub.
As far as I know only Audacity and Classic Shell are affected. 

The site has been taken offline and a cached copy is now shown by Cloudflare.

The malware served seems to overwrite your MBR.
A thread started on August 2 on the Classic Shell forum by a new user indicated that the user's computer would not boot Windows anymore after installing the application.
A message would say:
Code:
AS YOU REBOOT, YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR !
IT IS A SAD THING YOUR ADVENTURES HAVE ENDED HERE!
DIRECT ALL HATE TO PEGGLECREW (@CULTOFRAZER ON TWITTER)


Windows users can fix the issue using a Repair disc, a third-party solution like TestDisk, or backups if they have been created previously.

If you boot into recovery mode, running the commands bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd may also fix the issue.
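
An added example, not part of the original post: a Python triage of a 512-byte dump of sector 0 from an affected disk, checking for the boot message quoted above and whether the partition table is still readable, which indicates whether a boot-code repair can be enough or partition recovery is needed. The function names and sample sectors are constructed for illustration, and it assumes the message is stored as plain ASCII in the first sector.

```python
import struct

SECTOR_SIZE = 512
# Part of the text the first post reports seeing at boot, used as an indicator.
INDICATOR = b"SOMETHING HAS OVERWRITTEN YOUR MBR"

def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and sectors != 0:
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts

def inspect_mbr(sector):
    """Triage one 512-byte sector-0 dump taken from an affected disk."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "boot_signature_ok": sector[510:512] == b"\x55\xaa",
        "indicator_found": INDICATOR in sector.upper(),
        "partitions": parse_partitions(sector),
    }

def build_sample(boot_code, with_partition):
    """Constructed sample sector (not taken from a real infected machine)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    if with_partition:
        # Active NTFS (type 0x07) partition at LBA 2048, 204800 sectors long.
        sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07,
                                      b"\0\0\0", 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    msg = b"AS YOU REBOOT, YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR !"
    samples = [("boot code replaced, table intact", build_sample(msg, True)),
               ("whole sector replaced", build_sample(msg, False))]
    for name, dump in samples:
        print(name, inspect_mbr(dump))
```
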
#2
Blimey, that's quite a drastic intrusion. That is a large website hosting some of the popular software programmes.
This would have affected loads of people's PCs and I can see the less computer literate users pay out hundreds of pounds to get it repaired.
#3
Props to them on a nice attack as Fosshub has some big name projects on it.

Firstly, I don't see the point in this. I can understand their motivation but really, just an MBR rewrite to prevent machines from booting? I feel like their execution left a lot to be desired. Secondly, maybe I'm too damn old to understand it, but what's with all the groups calling themselves things like Peggle/Poodle as of late? Was there a trend or something I missed out on? Do things need to start with P and have repeating consonants to get recognized these days?
#4
(08-03-2016, 06:00 PM)Albus Wrote: Secondly, maybe I'm too damn old to understand it, but what's with all the groups calling themselves things like Peggle/Poodle as of late? Was there a trend or something I missed out on? Do things need to start with P and have repeating consonants to get recognized these days?

It's just kids thinking they're funny with their names.
#5
(08-03-2016, 06:00 PM)Albus Wrote: Props to them on a nice attack as Fosshub has some big name projects on it.

Firstly, I don't see the point in this. I can understand their motivation but really, just an MBR rewrite to prevent machines from booting? I feel like their execution left a lot to be desired. Secondly, maybe I'm too damn old to understand it, but what's with all the groups calling themselves things like Peggle/Poodle as of late? Was there a trend or something I missed out on? Do things need to start with P and have repeating consonants to get recognized these days?

They're trying to "send a message".
#6
(08-03-2016, 06:19 PM)Soap Wrote: They're trying to "send a message".

Punks. I'm not saying all hacks have to have meaning, but to target an open source distributor? They clearly don't have a true hacker mentality. They just want to break things.
#7
Thanks for sharing this, I didn't know. I use Audacity a lot and luckily I won't get infected now as I know this.

Also, I never really understood hackers who put their name, Twitter or whatever out in the public like that. Only attention-craving idiots do such things and not true hackers. Pathetic.

(08-03-2016, 06:34 PM)Albus Wrote: They clearly don't have a true hacker mentality. They just want to break things.

They kind of do though, don't they? I'd consider this to be a pretty classic black hat thing to do.
#8
(08-03-2016, 07:37 PM)Jurij Wrote: They kind of do though, don't they? I'd consider this to be a pretty classic black hat thing to do.

I don't think so. I feel this is like going out with the prom queen and coming home early in the evening.
If you're putting in the work for a decent score you don't brag about it on Twitter, share your identifying info, post on the forum of a compromised software. You plant a payload and reap benefits as long as you can. If you're only after the "Look what I can do" and the ensuing attention, I suppose it has purpose. There's no cause, no financial gain - just a brief ego boost that'll fade before long until the next stunt.
#9
(08-03-2016, 07:44 PM)Albus Wrote: I don't think so. I feel this is like going out with the prom queen and coming home early in the evening.
If you're putting in the work for a decent score you don't brag about it on Twitter, share your identifying info, post on the forum of a compromised software. You plant a payload and reap benefits as long as you can. If you're only after the "Look what I can do" and the ensuing attention, I suppose it has purpose. There's no cause, no financial gain - just a brief ego boost that'll fade before long until the next stunt.

When you see it that way I guess I can agree. Okay, maybe they're shitty black hats instead of just black hats. ;)