Sourceforge Hijacks GIMP and Nmap with Trojans

/ 9 years ago

sourceforge-logo

Sourceforge has been found to be hijacking orphaned open source projects and adding malware to their repositories. Notable victims of this practice are the popular GIMP and Nmap accounts, using them to distribute third-party “bundle-ware” installers. GIMP fell victim to this scheme last week, and now Nmap has been “adopted” by Sourceforge, as Gordon “Fyodor” Lyon, creator of Nmap, reports:

Hi Folks!  You may have already read the recent news about Sourceforge.net hijacking the GIMP project account to distribute adware/malware. Previously GIMP used this Sourceforge account to distribute their Windows installer, but they quit after Sourceforge started tricking users with fake download buttons which lead to malware rather than GIMP.  Then Sourceforge took over GIMP’s account and began distributing a trojan installer which tries to trick users into installing various malware and adware before actually installing GIMP.  Of course this goes directly against Sourceforge’s promise less than two years ago:

“we want to reassure you that we will NEVER bundle offers with any project without the developers consent”

http://sourceforge.net/blog/advertising-bundling-community-and-criticism/

So much for that promise!  Anyway, the bad news is that Sourceforge has also hijacked the Nmap account from me.  The old Nmap project page is now blank:

http://sourceforge.net/projects/nmap/

Fyodor asks Sourceforge to remove the hijacked Nmap page, and reminds users to only download Nmap from the official SSL Nmap website.

Sourceforge later responded to the controversy, issuing the following statement:

“In an effort to address a number of concerns we have been hearing from the media and community at large, we at SourceForge would like to note that we have stopped presenting third party offers for unmaintained SourceForge projects.”

Thank you Ars Technica and Seclists.org for providing us with this information.

Image courtesy of CyberKendra.
Topics: , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})