SourceForge serving malware with OpenSource projects
Mojca Miklavec
mojca at macports.org
Tue Jul 15 12:42:54 PDT 2014
Hi,
Even though this is not something new, I've only learned about it today.
Apparently SourceForge is not only serving adds for malware that
informed users could avoid. They started *repackaging* windows
installers to actually *install* malware.
http://sourceforge.net/devshare/why
http://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/
http://www.reddit.com/r/technology/comments/1jk1gz/sourceforge_starts_using_enhanced_adware/
https://forum.filezilla-project.org/viewtopic.php?t=31127
http://sourceforge.net/projects/filezilla/reviews/?sort=created_date&stars=0#reviews-n-ratings
This doesn't affect MacPorts. Yet?
They are already advertising different crapware for Macs.
Among others the author of FileZilla explicitly opted in to install
malware with the Windows installer. I'm highly inclined to remove the
package for MacPorts. I have problems trusting that software (other
than that the software no longer works on < 10.9).
And in general this looks like one of the main reasons to try to stay
away from SF and to ask developers to switch to a different hosting
provider. Unless they want to collect fees from malware of course.
Mojca
More information about the macports-dev
mailing list