Some software programs on Fosshub, a free project hosting service, appear to be compromised and serve malware payloads .
Fosshub is a popular file hosting service that software projects such as Classic Shell, qBittorrent, Audacity, MKVToolNix, and others use as their primary file download service.
Basically, what these projects do is link either directly to download files hosted by Fosshub, or link to a download page for their programs on Fosshub.
A thread started on August 2 on the Classic Shell forum by a new user indicated that the user's computer would not boot Windows anymore after installing the application.
The message displayed reads:
AS YOU REBOOT, YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR !
IT IS A SAD THING YOUR ADVENTURES HAVE ENDED HERE!
DIRECT ALL HATE TO PEGGLECREW (@CULTOFRAZER ON TWITTER)
Other users replied stating that they too were experiencing issues. The malware payload included in the software installer overwrites the Master Boot Record of the operating system. Systems won't boot anymore because of it.
Windows users may correct the issue using a Windows Repair disc, a third-party solution like TestDisk, or backups if they have been created previously.
If you can boot into recovery mode, running the commands bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd may also fix the issue.
It appears that the payload will overwrite only the Master Boot Record of the operating system. While that is still a nuisance, it is better than having to deal with malware that encrypts, deletes, steals or modifies data on the PC.
It is highly suggested to avoid downloading files from Fosshub for the time being until the issue is corrected on their end. It appears that at least some files are still infected at the time of writing.
Most projects support download mirrors that you may use instead. It is still suggested to verify the downloads on Virustotal before you execute them just to be on the safe side.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.