Linux Mint ISO Modified by Hackers

Hi all Linux users!

Linux Mint ISO has been modified by hackers with a backdoor in it, and they have managed to hack the LinuxMint website. The only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Ideally, it should only impact people who downloaded this edition on February 20th.

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso

e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso

30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso

3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso

df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

In case you’re affected –  delete the ISO.

If it’s being installed on a computer then put the computer offline, backup your data and reinstall the OS or format the partition, make sure you change your passwords for sensitive websites specially your email.

 The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com- Sofia, Bulgaria, and the name of 3 people over there

The motivation behind this attack is still not clear


Source: Akati

Comments are closed.