A hacker who goes by the handle on Twitter has compromised Fosshub and embedded malware inside some of the files that the website hosted and offered for download.
According to Cult of Peggle, he breached the website and embedded a malware payload inside some of the files hosted on, a downloads portal, in the same category as Softpedia.
Infected applications include Audacity, an audio editor and recorder, and Classic Shell, an app for enhancing the Windows desktop experience.
Based on tweets, the hacker seems to have compromised the Fosshub accounts for the developers of those two projects.
Malware rewrote MBR with harmless message
According to multiple reports from users complaining on and the forums, only seemed to rewrite the user’s MBR (Master Boot Record), a section of the hard drive containing information about the computer’s boot-up procedure.
After users downloaded and installed the compromised software from Fosshub, the rewritten MBR would, on the next reboot, show a blank black screen with a message from the hacker:
“ As you reboot, you find that something has overwritten your MBR! It is a sad thing your adventures have ended here! Direct all hate to PeggleCrew (@CultofRazer on Twitter) Greetz: Eclipso, Bubsv, Conflict, Wizards of the Coast, JewInvader, LagFish, Roland, Josh Burress, Jacob Gruentzel, AF, Teridax, John Cena, Ethan Ralph, Vince (RIP) ”
In subsequent tweets, the hacker said that he had tried to insert an EFI payload (rootkit) but failed, and that, since it was only a joke for him, he later gave up.
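For readers triaging an affected machine, the sketch below is an added example (not from the original report or any tool it mentions) that inspects the first 512 bytes of a disk image: it checks the boot signature, lists the partition entries, and flags long text embedded in the boot code, as a message-displaying MBR like the one described above would contain. The function names, the 40-byte threshold and the sample sector are assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446      # bytes 0..445: bootstrap code area (classic MBR layout)
PART_ENTRY_SIZE = 16     # four 16-byte partition entries follow the boot code
MIN_TEXT_RUN = 40        # assumed threshold, above the short error strings of stock boot code

def printable_runs(data, min_len=MIN_TEXT_RUN):
    """Return printable-ASCII runs of at least min_len bytes."""
    runs, cur = [], bytearray()
    for b in data:
        if 0x20 <= b <= 0x7E:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs

def inspect_mbr(sector):
    """Triage one 512-byte MBR sector taken from a disk image or dump."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_END + i * PART_ENTRY_SIZE
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:   # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": partitions,
            "text_in_boot_code": printable_runs(sector[:BOOT_CODE_END])}

def build_sample(boot_code):
    """Constructed sample sector: boot code, one NTFS entry, valid signature."""
    s = bytearray(SECTOR_SIZE)
    s[:len(boot_code)] = boot_code
    s[446], s[450] = 0x80, 0x07          # bootable flag, partition type
    struct.pack_into("<II", s, 454, 2048, 204800)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    msg = b"\xeb\xfe" + b"CONSTRUCTED SAMPLE: your MBR has been overwritten\x00"
    print(inspect_mbr(build_sample(msg)))
```

An intact partition table alongside unexpected text in the boot code suggests that only the bootstrap code was replaced, which is the case that rewriting the boot code repairs.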
Users can recover their computers from the malware’s effects
The current MBR malware’s effects can be easily reverted. Below is a YouTube video recorded by danooct1 that features some recovery instructions for affected users. Additionally, the Classic Shell forums also contain.
An hour before this article’s publication, Fosshub administrators took down the website. On Twitter, the hacker said he didn’t dump the site’s database but said that “passwords weren’t salted.”
Cult of Peggle is actually another name for Peggle Crew, the hacking crew that in the past had hijacked the Twitter accounts of and the NFL (National Football League), announcing the NFL Commissioner as a prank.
Softpedia has reached out to Cult of Peggle and the article may be updated with new information.
To anyone upset: At least we didn’t decide to steal all your shit. Because you ran that as admin. We totally could’ve installed a rootkit. — Cult of Peggle (@CultOfRazer)
We could’ve ran the installer and just stole everything from you, like malware today.
Think about that the next time you install something.
— Cult of Peggle (@CultOfRazer)