
Linux Mint came with a dash of malware over the weekend

If you downloaded Linux Mint on Saturday, attackers might have a back door on your computer.

“Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” Clement Lefebvre, one of Mint’s creators, wrote in a blog post over the weekend (via Ars Technica). The post also recommended anyone running the corrupted system totally wipe their systems and change all of their online passwords.


The attack is specific to Linux Mint 17.3 Cinnamon edition, and only applies to people who downloaded that ISO from the website: BitTorrent users aren’t affected, and neither are Mint users who updated from previous versions using apt-get or other methods. But if you downloaded a Cinnamon ISO from the Mint website on Saturday, February 20, Lefebvre recommends taking action immediately.

“Delete the ISO,” Lefebvre wrote. “If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.”

And if you actually installed the corrupted Mint version? The steps are even more severe. To quote Lefebvre, users should:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

If you want to know if you’re infected, the blog post offers valid MD5 checksums for the installation ISOs, which you can compare against the file you downloaded.
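One way to run that comparison, as an added example that is not from the Mint blog post or this article: it streams an ISO through MD5 and checks the result against an `md5sum`-style list. The filenames and file contents below are constructed stand-ins; the real known-good values must come from the Mint team's post.

```python
import hashlib
import hmac
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte ISO is never loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_checksum_list(text):
    """Parse md5sum-style lines ('<32 hex>  <filename>') into {filename: digest}."""
    known = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            known[name] = digest
    return known

def check_iso(path, known):
    """Return 'match', 'mismatch', or 'unlisted' for the ISO at path."""
    expected = known.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published value for this name: treat as unverified
    actual = md5_of_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in 'ISO', then the same file after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "example-edition.iso")  # hypothetical filename
        with open(iso, "wb") as fh:
            fh.write(b"constructed stand-in for ISO contents\n" * 1000)
        published = parse_checksum_list(f"{md5_of_file(iso)}  example-edition.iso\n")
        before = check_iso(iso, published)
        with open(iso, "ab") as fh:  # simulate a modified image
            fh.write(b"extra bytes")
        after = check_iso(iso, published)
        other = check_iso(os.path.join(tmp, "other.iso"), published)
    return before, after, other

if __name__ == "__main__":
    print(demo())
```

A "mismatch" or "unlisted" result means the image should not be installed. The comparison is only as trustworthy as the place the checksum list came from.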

It’s not known who carried out the attack or what motivates the attackers, but the hacked ISOs were hosted by a server in Sofia, Bulgaria.

It hasn’t been a great couple of months for Linux’s security reputation. In December a bootloader bug revealed at a Polytechnic University Cybersecurity Group showed that you can hack most Linux distros by hitting the backspace key 28 times.

“If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this,” wrote Lefebvre.

Every operating system has its share of vulnerabilities, and it’s good that Mint’s were noticed early. Here’s hoping the Mint team can get everything under control before any more corrupted ISOs are distributed.
