Linux Mint Website Hacked! ISOs replaced with Backdoored OS

Linux Mint

Do you guys love Linux? Then you must be aware of about Linux Mint. It is a community-driven distribution which is based on Debian and Ubuntu. It is said to be a modern, elegant and comfortable operating system. If you downloaded Linux Mint recently, then you might have been infected. The infection could have happened because you downloaded a malicious ISO image. So let us take a quick look at this matter.

When and how did this happen?

On 20th Feb 2016, some unknown hacker community or group somehow managed to hack the Linux Mint website. Now hacking such a website is not easy. They replaced the download links on the site which were directed to one of their servers. Now this server was offering malicious ISO images for the Linux Mint 17.3 Cinnamon Edition.

Clement Lefebvre who is the head of the Linux Mint project also confirmed that Linux Mint had been attacked which was surprising for everyone.

Who were the victims?

According to the Linux Team, this attack only affected a single edition which is Linux Mint 17.3 Cinnamon Edition. So only those people who downloaded this version on February 20th were affected. If ever, you have downloaded this version from torrent or direct HTTP link on 20th February, you are not the victim.

What happened?

Technically, it is believed that hackers accessed the underlying server using the team’s WordPress blog. Then they got shell access to www-data. From there, hackers were able to manipulate the Linux Mint download page which was further redirected to some malicious FTP (File Transfer Protocol). The server was hosted in Bulgaria.

The Linux ISO images which were infected installed the complete OS with IRC (Internet Relay Chat). Now this gave attackers a direct access to the system via IRC servers. Backdoor access was given by Tsunami which is a Linux ELF-Trojan. Generally, this bot is used for launching DDoS attacks.

Tug of war

The tug of war is definitely between Linux Mint SysAdmins and the hackers where the Linux team was able to discover the hack and clean it up from their website. Once Linux announced that they had been hacked, hackers once again repeated the attack. This time, the Linux Mint team took down the entire linuxmint.com domain offline. The Linux Mint’s official website is currently offline.

What did hackers get?

The hackers are selling the Linux Mint’s website data for just $85. It is assumed that the hack was conducted by newbie’s as they used IRC which is already outdated since 2010.

How to protect yourself?

Users who have the ISO image can check the signature. To check for any infected download, you can compare the MD5 signature with official versions. If all this is difficult, you can simply disconnect your system from the Internet. Once it is offline, you should backup all the data and reinstall the OS or format the partition. After reinstalling, you can be online again and you should change your passwords, wherever you are using them.

So follow such basic and simple steps to protect your system from such attacks.

Leave a Reply