Linux Mint website hacked - operating system download replaced with backdoored ISO

Maintainers point finger of suspicion at three in Sofia, Bulgaria

The Linux Mint website was hacked over the weekend, and the regular ISO of the latest distribution of the popular operating system was replaced with a version that contained a backdoor.

The attack happened on Saturday February 20th, but the developers behind the operating system claim that it was cleared up by Sunday morning. Anyone who downloaded an ISO of Mint on the Saturday is advised not to use it.

All users of the Linux Mint forums have also been advised to change their passwords.

"We were exposed to an intrusion today. It was brief and it shouldn't impact many people," admitted Clement Lefebvre, the head of the Linux Mint project, in a blog post in the early hours of Sunday morning. "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."

He continued: "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn't affect you either... It should only impact people who downloaded this edition on February 20th."

Lefebvre also provided advice on how to check whether a Linux Mint ISO might be affected, by comparing its MD5 checksum against the list of valid checksums.
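As an added illustration (not code from the Linux Mint project or from this article), the check described above can be scripted as follows. It assumes the list of valid checksums is in md5sum format and was obtained from a source the intrusion did not touch; the file name and contents used in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte ISO is never loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines ('<hex digest>  <filename>') into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 32:
            continue  # skip blank lines, comments and malformed rows
        digest, name = parts
        # md5sum prefixes the name with '*' for files read in binary mode
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries

def check_iso(path, manifest):
    """Return 'match', 'mismatch' (listed name, different digest) or 'unlisted'."""
    actual = md5_of_file(path)
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        # A renamed download can still match a listed digest.
        return "match" if actual in manifest.values() else "unlisted"
    return "match" if actual == expected else "mismatch"

def demo():
    """Constructed data: a small stand-in file, not a real Linux Mint ISO or checksum."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "example-edition.iso")
        with open(iso, "wb") as fh:
            fh.write(b"constructed stand-in for a genuine ISO image")
        manifest = parse_manifest("# trusted list\n%s  *example-edition.iso\n" % md5_of_file(iso))
        before = check_iso(iso, manifest)
        with open(iso, "ab") as fh:
            fh.write(b"appended bytes standing in for a modification")
        return before, check_iso(iso, manifest)

if __name__ == "__main__":
    print(demo())
```

A `mismatch` result means the file carries a listed name but not the listed content, which is the case the advice is meant to catch.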

Intriguingly, the team behind Mint claim that they already have the names of three suspects they believe may have played a role - even if inadvertently - in the attack.

"The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com. Both lead to Sofia, Bulgaria, and the name of three people over there. We don't know their roles in this, but if we ask for an investigation, this is where it will start.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we'll get in touch with authorities and security firms to confront the people behind this," he concluded.