One of the main download mirrors of Classic Shell, a popular Windows freeware, was recently hacked for some 3 hours and was serving a hacked copy of the files. Classic Shell downloads on FossHub were trapped with an old-school software which actually infected the victims’ Windows PCs. The users who downloaded this malicious software from the website and ran them on their Windows 10 devices saw something which was very unexpected.
Their devices, instead of installing the expected app, were actually replaced with a code on the computer’s Master Boot Record (MBR). When the next reboot or power on happened the machine actually did not start up properly. Instead, it displayed a cheeky message. Even the drive’s partition table was likely to be damaged.
Here is what the message after a reboot read:
As you reboot, you find that something has overwritten your MBR! It is a sad thing your adventures have ended here! Direct all hate to Pegglecrew (@cultofrazer on Twitter)
Classic Shell is now safe to download again
The affected users reported the issue and the same were acknowledged by the CS developer. Now, the Classic Shell home page displays a warning as below:
Attention! The download service for Classic Shell was hacked on August 2nd, and for a few hours it served an infected version of the installer. The malware corrupts your PC and makes it unbootable.
The current download link is safe. The website also gave an insight to the users on the whole scenario and offered instructions to fix the unbootable PCs. Additionally; the website also confirms that it is totally safe to download the latest Classic Shell 4, 30 which is hosted on Media Fire.
The new file has been uploaded to VirusTotal and has come out totally clean. It is suggested by the developer that the users check the file signature after the download and verify if it displays the name of signatory as Ivaylo Beltchev. This signature is legitimate and official and the hacked file will not display the Digital Signatures tab.
If you want to know more about the hack, click here.