As of this writing, they have replaced all the malicious downloadable files. One of the culprits was a fake Classic Shell software.
The other softawre was Audacity, which is a popular audio editing and recording program. Fosshub caught the malicious file before anyone was able to download it, however Classic was not too lucky because it was downloaded 300 times before they were able to shut it down.
Now, the website is secure once more and the downloadables are clean. If in doubt, scan the programs you download before installing it.
You can have the file scanned online by uploading it to Virus Total and they will scan it using multiple security programs. Browsers also alert you if you downloaded an untrusted program.
A reddit user who was a victim of the compromised Classic shell posted a picture of what happened to his machine. The MBR has been compromised and rendered unuseable. However, it can usually be repairable by using bootrec.exe.
The files on the website are not hacked versions but instead, they were replaced by another installation file that contained the malware.
Cult of Razer posted on twitter that and claimed that they had temporarily took control of FossHub.com which includes the site’s administrator email account. They have said that their motivation for carrying out the hack was to draw attention to the site’s weaknesses with a repairable non-lethal attack. If it were other hackers, they might have taken more advantage by installing ransomware instead.
