I hope you weren’t one of the hundreds of people who downloaded a compromised version of the Linux Mint operating system on Saturday.
Because if you were, it’s possible that you’re not just running one of the more user-friendly flavours of Linux on your computer but also playing host to a Linux ELF trojan called Tsunami, which can be used to steal files from your system and launch distributed denial-of-service (DDoS) attacks.
In a blog post, Clement Lefebvre, leader of the Linux Mint project, warned that hackers had managed to break into the Linux Mint servers and replace ISO download links so that they pointed to a compromised version of Linux Mint 17.3 Cinnamon edition, hosted on a Bulgarian FTP server.
Upon discovering the security problem, the Linux Mint team is thought to have cleaned up its own site, only to have been compromised again via an insecure installation of WordPress. In response, and while it was trying to get a proper handle on its vulnerabilities, the Linux Mint team wisely took linuxmint.com offline.
At the time of writing, the main Linux Mint website remains unavailable.
Lefebvre offered the following advice to users who may have downloaded the compromised version of Linux Mint:
What to do if you are affected?
Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.
If you installed this ISO on a computer:
- Put the computer offline.
- Back up your personal data, if any.
- Reinstall the OS or format the partition.
- Change your passwords for sensitive websites (for your email in particular).
Sadly, the problems do not appear to end there.
Fox-IT threat researcher Yonathan Klijnsma tweeted that he had found a hacker going by the moniker of “peace_of_mind” attempting to sell a phpBB forum database stolen from the Linux Mint server on an underground website.
by Graham Cluley, ESET We Live Security