A hacking crew that goes by the name of PeggleCrew has compromised Fosshub and embedded malware inside the files hosted on the website and offered for download.
According to Cult of Peggle, one of the group's four members, the team breached the website and embedded a malware payload inside some of the files hosted on Fosshub, a downloads portal, in the same category as Softpedia.
"In short, a network service with no authentication was exposed to the internet," the hacker told Softpedia in an email. "We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email."
On Twitter, the hacker said he compromised the entire website, including the administrator's email. He also revealed he didn't dump the site's database but claimed that "passwords weren't salted."
Later, Cult of Peggle told Softpedia that they "in fact dump[ed] the partner database for FOSSHub, the database containing usernames and logins for application developers who uploaded their binaries through the site. Our tweet on the subject may not have been clear," the hacker explained.
"We initially replaced the Audacity and Classic Shell installers with executables made to look like the originals through the developer interface for uploading files," Cult of Peggle also told Softpedia in an email. "After word got out and the admins reverted the changes, we replaced all installer executables on their servers with the MBR-overwriting code directly."
Malware rewrote MBR with harmless message
According to multiple reports from users complaining on 4chan and the Classic Shell forums, the malware only seemed to rewrite the user's MBR (Master Boot Record), a section of the hard drive containing information about the computer's boot-up procedure.
After users downloaded and installed the compromised software from Fosshub, the next time they rebooted, the rewritten MBR would show a blank black screen with a message from the hacker:
Read more: Hacker Compromises Fosshub to Distribute MBR-Hijacking Malware - EXCLUSIVE