SourceForge serving malware with OpenSource projects

Mojca Miklavec mojca at macports.org
Tue Jul 15 12:42:54 PDT 2014


Hi,

Even though this is not something new, I've only learned about it today.

Apparently SourceForge is not only serving ads for malware that
informed users could avoid. They started *repackaging* Windows
installers to actually *install* malware.

    http://sourceforge.net/devshare/why
    http://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/
    http://www.reddit.com/r/technology/comments/1jk1gz/sourceforge_starts_using_enhanced_adware/
    https://forum.filezilla-project.org/viewtopic.php?t=31127
    http://sourceforge.net/projects/filezilla/reviews/?sort=created_date&stars=0#reviews-n-ratings

This doesn't affect MacPorts. Yet?
They are already advertising different crapware for Macs.

Among others the author of FileZilla explicitly opted in to install
malware with the Windows installer. I'm highly inclined to remove the
package for MacPorts. I have problems trusting that software (other
than that the software no longer works on < 10.9).

And in general this looks like one of the main reasons to try to stay
away from SF and to ask developers to switch to a different hosting
provider. Unless they want to collect fees from malware of course.

Mojca

