As a result of hacking a famous opensource hosting, distributions of Audacity, Classic Shell and others were infected.

On August 2, the FOSShub site was hacked . This is a free hosting on which developers of free and open source software host their applications. The most famous products that users download from FOSShub are Audacity and Classic Shell. They scored 25 million and 15 million downloads, respectively.

After hacking, the site distributed infected versions of applications for some time. The attackers modified their source code and uploaded it to the FOSShub server. The installers (for Windows) of ClassicShell, qBittorent, Audacity, and possibly some others were replaced with a trojan that overwrites the MBR, leaving a message from the hacker group PeggleCrew.
')
After installing the infected software and restarting the computer, the operating system stopped loading.

Master Boot Record (master boot record, MBR) is the code and data necessary for the subsequent loading of the operating system and located in the first physical sectors (most often in the very first) on a hard disk or other storage device.

The infected distribution kit of Audacity sound editor version 2.1.2 was available for download on FOSShub for 3 hours. After that, the administrators noticed the problem and fixed it.

Audacity is a free multi-platform audio editor for audio files focused on multi-track operation. The program has been released and is distributed under the terms of the GNU General Public License. Works on the following operating systems: Microsoft Windows, Linux, Mac OS X, FreeBSD and others.

The users of Classic Shell were less fortunate: about 300 people managed to download the modified software.

Classic Shell is a free set of open source utilities (up to version 3.6.8) for returning to the previous interface in Windows Vista and higher. It consists of three components: Classic Start Menu - allows you to return to the previous Start menu, Classic Explorer adds the toolbar to Windows Explorer, and Classic IE9 allows you to customize the panels in Internet Explorer. It works as a separate application and does not change the system settings.

In order to further protect users, the developers of Classic Shell have prepared instructions on how to check the operating system for infection. In addition, they published ways to solve the problem if the computer is infected and has already rebooted.



It is believed that at the moment, on August 4, all the hacked versions of the applications have been removed from the FOSShub site.

PeggleCrew had previously hacked Ringo Star’s Twitter accounts and the NFL (National Football League). On behalf of the league, they published false information about the death of NFL Commissioner Roger Goodell.