Linux Mint ISO Download With a Backdoor
If you attempted to download Linux Mint on Saturday, February 20th, then you could be the victim of malicious software. According to CSO Online, Linux Mint’s website was compromised and links were changed so users would install an ISO containing a backdoor. The forums were also compromised.
Zack Whittaker from CSO Online
ZD Net spoke with the hacker, who goes by the name Peace, through an encrypted chat. The hacker stated he stole an entire copy of the forum twice: once on 1/28 and again on 2/18. He also listed a full forum dump on the dark web for $85. The hacker used malware dubbed Tsunami, an easy-to-implement backdoor which, when activated, quietly connects to an IRC server where it waits for commands.
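Because the backdoor described above sits on an IRC connection waiting for commands, one check a defender can run on a suspect Linux install is to look for established outbound connections to IRC ports. The script below is an added example, not code from Linux Mint or from the reports cited here; the port list is an assumption (the page does not say which port was used), the sample table is constructed, and the address decoding assumes a little-endian host such as x86.

```python
import ipaddress
from pathlib import Path

# Assumption: commonly used IRC ports (6660-6669, 6697 for TLS, 7000).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
ESTABLISHED = "01"  # TCP state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (documentation-range addresses).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000
   1: 0A00A8C0:C350 0A7100CB:1A0B 01 00000000:00000000
   2: 0A00A8C0:D2F0 076433C6:01BB 01 00000000:00000000
   3: 0A00A8C0:C351 0A7100CB:1A0B 06 00000000:00000000
"""

def parse_endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian address) to (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return str(ip), int(port_hex, 16)

def irc_connections(table_text, ports=IRC_PORTS):
    """Return (local, remote) pairs for established connections to `ports`."""
    hits = []
    for line in table_text.splitlines():
        cols = line.split()
        # The header row and non-established sockets fail this state test.
        if len(cols) < 4 or cols[3] != ESTABLISHED:
            continue
        local, remote = parse_endpoint(cols[1]), parse_endpoint(cols[2])
        if remote[1] in ports:
            hits.append((local, remote))
    return hits

if __name__ == "__main__":
    live = Path("/proc/net/tcp")
    text = live.read_text() if live.exists() else SAMPLE
    for local, remote in irc_connections(text):
        print("established IRC-port connection: %s:%d -> %s:%d" % (local + remote))
```

An empty result does not clear the machine, since a backdoor can use any port or be idle when you look, so the advice to wipe and reinstall still applies.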
When downloading any files from the internet, the best recommendation is to use an official source. Unfortunately, in this case that recommendation would have led you to an unwanted download. If you downloaded the ISO on Saturday, then you should wipe the install and download the ISO again from the Linux Mint website. The infected software was pulled Saturday evening and everything was back operational by Sunday night. Also, any passwords that are the same as your forum login need to be changed immediately. You should also search the database on the site HaveIBeenPwned to see if your account is there.
Info World also has a few tips to identify official downloads.
Other High Profile Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)