0ld 5ch00l MBR Malware

I recently installed Audacity, an open source audio editor.

And while verifying the current version to download, I came across an interesting security notification. Before I read the details, I fully expected to discover yet another case of some crypto-ransomware group hijacking and trojanizing an application installer.

But not so!

Audacity’s download partner was infiltrated via compromised accounts and Audacity’s Windows installer was replaced by purely destructive malware, an MBR-overwriting trojan. That’s really something of a throwback in this age of malware-for-profit.

Those who ran the trojanized installers saw this message on reboot:

MBR message: It is a sad thing your adventures have ended here!

Classic Shell was also affected; here are file details from its forum.

And here’s a video by @danooct1 demoing the malware, and how to repair the overwritten MBR.

Infected Classic Shell/Audacity Trojan

Great stuff. And check out the view statistics… it seems there’s a decent audience for malware analysis videos.

