Fosshub gets violated by hackers to deliver MBR rewriting Trojan

Spread the love

We always tend to disregard the security advice while installing a program on our PCs. We all have seen and ignored the- 'This type of file can harm your computer" warning thousands of times. We run untested programs without even an antivirus in our computer. But then some people can present to us the importance of these. Recently, a hacker group named Pegglecrew proved that these warnings mean what they say.
For a day, all downloads of Classic Shell or audio editing software Audacity from Fosshub risked the download of a Trojan that rewrites your Master Boot Record (MBR) for Windows. MBR has the information about the booting process of your computer.
The Trojan gave no initial sign. Once you reboot your system your MBR gets rewritten, and a message gets flashed- "It is a sad thing your adventures have ended here! Direct all hate to Pegglecrew (@cultofrazer on Twitter)." After the flash message, to reboot your computer, you need to recover your MBR by any means.
The Twitter handle @cultofrazer belongs to the gaming company Razer which was hacked by this group. The tweets posted by Pegglecrew stay removed now. In one of the tweets, the group said that it managed to hack the Audacity and Fosshub servers and even the admin email of Fosshub server.
These virus codes didn't do any harm to the PC. They just rewrote the MBR. But the systems were nowhere close to secure. The group could have stolen data and information from these computers. Pegglecrew claimed an attempt to install a rootkit but after initial failure, they gave up.
An anonymous Pegglecrew member wrote a mail to Softpedia. He said- "We were able to grab data from this network service to get source code and passwords. These led us further into the infrastructure of FossHub. Eventually, we had control of their production machines, backup, mirror locations, and FTP credentials for the caching services as well as the Google Apps hosted email."
Pegglecrew also disclosed the purpose of this hack to Gizmodo. The crew stated- "We targeted Fosshub because we wanted inform people to keep better care of their security. All the users clicked past a prompt telling them that it could be dangerous. That's just one example of user carelessness, and it barely amounts to the quantity of terrible passwords and other terrible practices."
It's peculiar that the 'About us' of Fosshub states "No adware, No spyware, No bundles, No malware, Fast downloads, Free services and a single ad. Most people like us."
Audacity published a blog for the confession. It admitted the compromise of its servers. Audacity says that the windows installer 2.1.2 that got hacked is now replaced. Also, the hacked accounts on have been deactivated. It claimed that the firm is alarmed, and in collaboration with Fosshub will ensure the avoidance of such incidents in future.
Fosshub published a separate apologia on Reddit breaking the ice about the incident. They told that they had to shut down their primary server to stop the Trojan from dispersing. They worked for 30 hours straight without a break to recover things up.
Above incident is a deterrent showing us why we must take the security of our computers rather more seriously. We must take our time to check the software before installing else the result can be a nightmare. Audacity in its blogs always warned the users to use antivirus and firewalls for security and verify all the downloaded files with online file verification tools. It also warns us against deceptive ads.