Fosshub 2016-08-03 compromise time window?

Hi guys,

I was recently made a aware of the Fosshub compromise.

I actually downloaded and installed Audacity 2.1.2 earlier today (2016-08-03) from Fosshub, so I’m a little bit nervous.
Using only Windows Defender, I scanned the intaller before using it, as well as a system-wide scan after the news broke without anything suspocious being reported.
Furthermore, I downloaded and installed Emsisoft’s Emergy Kit Scanner - which also doesn’t detect any malware.

The second paragraph of your article ( says “We have now replaced the 2.1.2 hacked windows installer”, but the article doesn’t have a timestamp, which leads to confusion.
Google search resuls says it is “8 hours” old at the time of writing this, and the updates at the bottom are stamped as being earlier than the time of me downloadeding the installer from Fosshub (I downloaded after 12:45 CEST).
Can I take this to mean, that I likely downloaded a non-hacked installer?

You mention it lasted 3 hours, but do you have the specific time window during which your installer from Fosshub was compromised? I would love to know it and help spread to word to put other people’s mind at ease.

Kind regards,

Windows 10 Anniversary update 64-bit (build 14393.10)
Audacity 2.1.2

In this kind of situation it is best to put caution first. I don’t know the exact time frame, and for me to suggest one might give a false sense of security, though I can say that in UK time it was the very early hours of the morning. If you downloaded Audacity at any time yesterday and have not yet attempted to run it, do NOT attempt to run it. Delete the file and do not leave it hanging around in your recycle bin. You should also clear your web browser cache. (but read on before taking action).

From current information it appears that there were very few downloads of Audacity during the affected period as the server logs indicate that most attempts to download during this period failed.

The malware file was considerably smaller than the genuine Audacity installer. It was about 350 kB rather than the correct size of 25.3 MB. However, if your downloaded file appears to be the correct size, I would still recommend that you delete it, clear your browser cache and then re-download as it’s better to be err on the side of safety.

At the time of the attack, the malware was unknown to most anti-virus programs, so unless you are using a reputable anti-virus that has been updated today, then it is unlikely to be detected until it is too late. If you still have the downloaded file, then you can test it on “virus total”:
This is the current result for the infected file:

We cannot make recommendations for which anti-virus products to use, but you can review this website:
“Virus Total” is a very good way to check single files as it uses multiple virus checkers.

Hi Steve.

Thank you for the quick and very comprehensive reply.
Now that you point it out, I realize that instilling a false sense of security would be a big mistake, and I certainly repesct that.

Luckily I made a backup of the file in my Dropbox and upon inspsection I see, that I got a zip-file named ‘’ with a size of 10.921.409 bytes. So I guess I got a portable version as I am wont to do whenever they are available. (Incredible that details like these can evaporate from my memory in the span of mere hours).

Maybe that fact that it wasn’t an installer put me in the clear? Maybe not? I’ll scan it with VirusTotal for good measure.

Kind regards,

Hi Martin,

Sorry for the slow reply!

Only Audacity main installer file was affected. You mentioned that you downloaded the portable version which was clean. We checked the time signature of files to make sure.

Thank you!

Ok, thanks for getting back to me. No need to apologize for the late reply - you’ve no doubt had your hands full!

I scrubbed the portable version and downloaded it anew to make sure.

On the plus side, this issue has motivated me to learn and understand how to perform MD5 or similar hash comparisons of downloaded files.

While nobody enjoys being the target of a hack, being upfront and public about it serves to highten everyone’s security, and in my eyes only serves to increase yours and Fosshub’s credibility. Thank you!

Kind regards,

Just a side-note:

If you use Windows, move anything you want to run, like an installer .exe, from the downloads folder to any other folder (or even the desktop) before you run it.

Running it in the downloads folder might execute stray dll’s that might have landed there from a drive-by malware download you haven’t noticed. It only happens rarely, but I found one just a week ago. And anything that uses the MS installer will execute those if they have the right name…

Moving it mitigates this risk completely.

I assume cyrano is referring to an MSI installer.