Linux Mint Site Hacked – Genuine ISO Replaced by Malware



/ 2 years ago

linux mint

The official website for Linux Mint has been hacked, and the ISO download of the operating system was replaced with a malicious version on Saturday (20th February), the head of the project has announced. The fraudulent version of the Linux Mint 17.3 Cinnamon edition was inserted into the site via a backdoor exploit, redirecting users from the real URL to absentvodka.com, which hosted malware posing as Linux Mint.

Anyone that downloaded Linux Mint from the official website yesterday (torrents or direct HTTP link downloads are thought to be unaffected) should read on for instructions on how to deal with the problem.

The post on the Linux Mint Blog – which includes instructions to help remove the malware version – reads:

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso

e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso

30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso

3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso

df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

Is everything back to normal now?

Not yet. We took the server down while we’re fixing the issue.

Topics: , ,

Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!
eTeknix FacebookeTeknix TwittereTeknix Instagram

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!


Optimized with PageSpeed Ninja