I recently installed Audacity, an open source audio editor…
And while verifying the current version to download, I came across an interesting security notification. Before I read the details, I fully expected to discover yet another case of some crypto-ransomware group hijacking and trojanizing an application installer.
But not so!
Audacity’s download partner was infiltrated via compromised accounts and Audacity’s Windows installer was replaced by purely destructive malware, an MBR-overwriting trojan. That’s really something of a throwback in this age of malware-for-profit.
Those who installed the trojanized installers saw this message on reboot.
Classic Shell was also affected; here are the file details from its forum.
And here’s a video by @danooct1 demoing the malware, and how to repair the overwritten MBR.
Great stuff. And check out the view statistics… it seems there’s a decent audience for malware analysis videos.