Did you download a Linux Mint ISO yesterday?

Linux Mint have openly admitted that their WordPress installation was compromised yesterday (20th February 2016) and links to their Linux Mint 17.3 Cinnamon edition ISOs where replaced with links to an ISO with a baked in back door!

Users who downloaded the ISO from their HTTP links yesterday may have inadvertently downloaded a copy with the Tsunami Trojan built in. 

Those who downloaded the ISOs via torrent links will not have been affected by the compromised ISOs, due to the way torrents work. However those who used standard HTTP requests may find they’ve a rogue file in /var/lib/man.cy 

Not only did they redirect the download links, they also stole the databases.. These are now for sale on the “dark net” for $86 as the screen shot on the below tweet shows

If you’ve downloaded the ISO, the owners of Linux Mint are strongly recommending you reinstall the OS, you can read more about the attack over at the Linux Mint Blog

Mike Hudson

Mike Hudson is a Infrastructure Analyst living and working in Kingston Upon Hull. With extensive experience in Microsoft and Apple technologies, ranging from desktop OS’s to Server OS’s and hardware. By day working as part of an infrastructure team, and by night ridding the world of IT issues through blog posts..

%d bloggers like this: