Linux Mint Website Hacked, Users Tricked Into Downloading ISOs with Backdoors
This may be perhaps the worst way to install a backdoor on a computer. The Linux Mint aficionados were tricked into downloading a specially crafted ISO version which had a backdoor installed by hackers who had hacked the Linux Mint website.
Clement Lefebvre, leader of the Linux Mint project, informed users of the popular, Ubuntu-based distribution that the servers where the Linux Mint website is hosted have been hacked to point the download links to specially crafted ISOs.
Lefebvre stated that the specially crafted Linux Mint ISO includes a backdoor and the users visiting the website were tricked into downloading the malicious ISO image. In a statement issued following the hack attack, Lefebvre said, “I’m sorry I have to come with bad news. We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.”
According to Lefebvre, the hack took place on 20th February and seems to have affected only Linux Mint 17.3 Cinnamon edition. Therefore if you have downloaded the ISO images on February 20, 2016 or after, dont install them on your computer and delete them as soon as possible.
Lefebvre said that other Linux Mint editions from the website with the exception of the Cinnamon one were not infected with the backdoor and they are safe.
Note : Those who downloaded the infected Linux Mint Cinnamon ISOs on February 20 should delete those images from their computers. Also, if you already managed to install Linux Mint on your computer using such infected images, you need to re-download new ISOs from the project’s website and reinstall the OS.
It would also be advisable to clean format the drive and change all your passwords.
Lefebvre said that they had restored the control of the site and and modified download links now point to the correct ISO images for the Linux Mint Cinnamon edition. More technical details about the hack can be found on the Linux Mint blog. According to Lefebvre, the hack attack points to some people located in Bulgaria. “Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don’t know their roles in this, but if we ask for an investigation, this is where it will start,” he said.
He went on to add, “If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.”
As said above, Lefebvre has recommended users who are affected by the hack to disconnect their computers from the Internet as soon as possible, wipe the disk drive and change all of their passwords, especially those used for email and other sensitive websites.