
On Thu, 4 Aug 2016 13:45:52 +1200, Peter Reutemann wrote:
> Some popular apps that have links to FossHub that may be infected include: Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, and IrfanView.
I had a look at a few of these. While Audacity <http://www.audacityteam.org/download/source/> puts tarballs on FossHub, its source repo is on GitHub <https://github.com/audacity/audacity>. And while SMPlayer has its home page on SourceForge <http://smplayer.sourceforge.net/>, its source repo is on a service called assembla.com <https://app.assembla.com/spaces/smplayer/subversion/source>. And I can find no mention of FossHub on Calibre’s Linux download page <https://calibre-ebook.com/download_linux>--their source repo is on GitHub <https://calibre-ebook.com/get-involved>. So this FossHub compromise seems to be primarily affecting Windows users.