A Nostalgic Virus Is Infecting Windows Machines
Anyone who visited FossHub on Tuesday to download either Start Menu replacement Classic Shell or the audio editor Audacity is at risk of having downloaded a Trojan that feels like something out of the early ’90s. The malicious code was written by a hacking crew calling themselves Pegglecrew.
YouTuber danooct1 explains that Pegglecrew’s program is both brand new and largely undetected by sites like VirusTotal. Even the fake installer is almost identical in file size to the original. Opening the infected version of either Audacity or Classic Shell appears to do nothing, but on reboot the user is greeted with the following message:
As you reboot, you find that something has overwritten your MBR! It is a sad thing your adventures have ended here! Direct all hate to Pegglecrew (@cultofrazer on Twitter)
The Trojan’s intent does not appear to be destructive, as the message states precisely why the user’s machine is no longer functioning as expected (and in the cadence of a classic text-based RPG). Booting into a recovery CD and executing a quick command to restore the master boot record appears to restore system functions to normal, according to danooct1.
Several tweets suggest Pegglecrew’s work has appeared in the wild on multiple machines. Interestingly, cultofrazer appears to itself have been hacked. Pegglecrew got in touch with Gizmodo on Twitter to explain that the cultofrazer handle was in fact stolen by them from Razer — the gaming hardware manufacturer — who then took it back. It appears that the Trojan doesn’t have any lasting effects beyond a silly and somewhat annoying message.
Source | gizmodo