Classic Shell
Classic Shell compromised on FossHub
FossHub's distribution platform was compromised, and the Classic Shell downloads it hosted were swapped for a destructive installer. Users who trusted the official download path received code that rewrote the master boot record, turning a familiar Windows utility into a boot-failure payload delivered through the software mirror.
- Date
- 2016-08-02 to 2016-08-03
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Service Disruption
- Cause
- Compromised Infrastructure
What Was Affected
Package
Classic Shell
Language
C++
Component
Application
Artifact type
binary archive
Domain type
package host
Domain
fosshub.com
Repository
github.com/coddec/Classic-Shell
Incident Context
- Motive
- Disruption/Protest
- Attribution
- Individual Hacker
- Transitive
- No
- User Impact
- 10000
- Observed Duration
- 1 day
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:ccbb6cd10c0b0cfb68cf7c4203c9e9b75eb28b9a69a639e2c11a69d623456fa7
md5:55a76272c2e42285ad4414e328b88e16
External References
- ghacks.net/2016/08/03/attention-fosshub-downloads-compromised
- web.archive.org/web/20160803032356/http://www.classicshell.net/forum/viewtopic.php
- thehackernews.com/2016/08/FossHub-malware.html
- arstechnica.com/information-technology/2016/08/malicious-classic-shell-installer-deliberately-trashes-windows-pcs
Source Data
Source record: oss/classic_shell/meta.yaml