Linux Mint site hacked, users unwittingly download backdoored operating system


I hope you weren’t one of the hundreds of people who downloaded a compromised version of the Linux Mint operating system on Saturday.

Because if you were, it’s possible that you’re not just running one of the more user-friendly flavours of Linux on your computer but also playing host to a Linux ELF trojan called Tsunami, which can be used to steal files from your system and launch distributed denial-of-service (DDoS) attacks.

In a blog post, Clement Lefebvre, leader of the Linux Mint project, warned that hackers had managed to break into the Linux Mint servers, and replace ISO download links to point to a compromised version of Linux Mint 17.3 Cinnamon edition, hosted on a Bulgarian FTP server.

Upon discovering the security problem, the Linux Mint team is thought to have cleaned up its own site, only to have been compromised again via an insecure installation of WordPress. In response, and while it was trying to get a proper handle on its vulnerabilities, the Linux Mint team wisely took its website offline.

At the time of writing the main Linux Mint website remains unavailable.


Lefebvre offered the following advice to users who may have downloaded the compromised version of Linux Mint:

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

Sadly, the problems do not appear to end there.

Fox-IT threat researcher Yonathan Klijnsma tweeted that he had found a hacker going by the moniker of “peace_of_mind” attempting to sell a phpBB forum database stolen from the Linux Mint server on an underground website.

by Graham Cluley, ESET We Live Security
