Linux Mint have openly admitted that their WordPress installation was compromised yesterday (20th February 2016) and that links to their Linux Mint 17.3 Cinnamon edition ISOs were replaced with links to an ISO with a baked-in back door!
Users who downloaded the ISO from their HTTP links yesterday may have inadvertently downloaded a copy with the Tsunami Trojan built in.
Those who downloaded the ISOs via torrent links will not have been affected by the compromised ISOs, due to the way torrents work. However, those who used standard HTTP requests may find they’ve a rogue file in /var/lib/man.cy.
Not only did they redirect the download links, they also stole the databases. These are now for sale on the “dark net” for $86, as the screenshot in the tweet below shows:
It seems compromised @linuxmint forum data is already for sale on darknet markets. The seller is quite interesting. pic.twitter.com/7yZl2SR9KT
— Yonathan Klijnsma (@ydklijnsma) February 21, 2016
If you’ve downloaded the ISO, the owners of Linux Mint are strongly recommending you reinstall the OS. You can read more about the attack over at the Linux Mint Blog.