When browsing the internet, most people assume a download is safe as long as it comes from a site they trust. It is worth considering, however, that the files on offer may not be the site's own at all, but look-alike files planted by an attacker who has broken into the site. See the Linux Mint cached post here.
Linux Mint Distributing backdoored ISO
It can and does happen. Not long ago, attackers broke into the Linux Mint website and changed its download page so that it pointed to ISO images of their own, built with a backdoor inside, so that anyone who downloaded and installed one ended up running an operating system under the attackers' control. Linux Mint is a widely trusted distribution, and as a direct result of what happened its developers announced that the website had been compromised and that malicious files had been served. The post could be found on the website itself, beginning with “I’m sorry I have to come with bad news. We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.”
Help I have a Hacked ISO
The affected page was the one offering the Cinnamon edition of Linux Mint 17.3. The attackers built a modified copy of that ISO with a backdoor in it and pointed the site's download links at their copy, so any machine installed from it was effectively hijacked from the first boot. Both the 32-bit and 64-bit images were affected.
The post on the Linux Mint website continued, “The situation happened today, so it should only impact people who downloaded this edition on February the 20th. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.”
It is not yet clear how many people were affected or how much damage was actually done. Analysts who examined the image, including senior threat analyst Yonathan Klijnsma, found that the backdoor was a piece of malware already known to the security community (the IRC-controlled Tsunami bot) rather than anything new. It was established that the backdoor connects to “absentvodka.com”, and that the hacked ISO was hosted on 220.127.116.11.
This information was posted on the Linux Mint website as well: “Both lead to Sofia, Bulgaria, and the names of three people over there. We don’t know their roles in this, but if we ask for an investigation, this is where it will start. What we don’t know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.”
The problem may not be over, either. The site's database has since shown up for sale on The Real Deal, a black-market site that operates online. It is not yet known whether any passwords or personal information belonging to users are included in it.
Anyone who thinks they might have been impacted can find out by computing the MD5 hash of the ISO they downloaded and comparing it with the hash Linux Mint publishes for that image. If the hash differs from the one on the Linux Mint website, the file has been tampered with and must not be installed; a system already installed from it should be treated as compromised. If the hash matches, the file is the one the project intended to ship.
Two caveats apply before treating a matching hash as proof of safety. First, a checksum is only as trustworthy as the place it came from: an attacker who can change the download links on a site can usually change the checksum list on the same page, so the list should be verified through an independent channel, ideally a detached GPG signature over the checksum file checked against the project's signing key obtained elsewhere. Second, MD5 is no longer collision resistant, so prefer SHA-256 when the project publishes it. The checksum should be recomputed locally (md5sum or sha256sum on Linux) on the file that is actually going to be written to the USB stick, never taken from the download page's description of the file.
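The following script is an added example for this article, not Linux Mint's own tooling. It mirrors what `md5sum -c` and `sha256sum -c` do: it parses a published checksum list in the "hex digest, two spaces, filename" format, recomputes the digest of the local file and compares the two. The ISO contents and checksum lists it uses are constructed stand-ins, not real Linux Mint data. It also shows the caveat from the paragraph above: the same check happily passes a backdoored image when the checksum list itself came from the compromised server.

```python
"""Verify a downloaded image against a published checksum list.

Added example; not code from Linux Mint. The "ISO" bytes and checksum
lists below are constructed for the demonstration.
"""
import hashlib
import hmac

# Constructed stand-in for the genuine image and for an attacker's copy
# with extra content appended (a stand-in for an injected backdoor).
GENUINE_ISO = b"linuxmint-17.3-cinnamon-64bit stand-in payload\n" * 2000
BACKDOORED_ISO = GENUINE_ISO + b"# constructed stand-in for a backdoor\n"
ISO_NAME = "linuxmint-17.3-cinnamon-64bit.iso"


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of data with the named hashlib algorithm (md5, sha256, ...)."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def parse_checksums(text: str) -> dict:
    """Parse md5sum/sha256sum style output into {filename: hexdigest}.

    Each line is '<hexdigest>  <filename>'. A leading '*' on the filename
    marks binary mode and is stripped. Blank lines and '#' comments are ignored.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {line!r}")
        hexdigest, name = parts
        entries[name.lstrip("*")] = hexdigest.lower()
    return entries


def verify(data: bytes, name: str, checksum_list: str, algo: str = "sha256") -> bool:
    """True only if the list has an entry for name and it matches the local digest."""
    expected = parse_checksums(checksum_list).get(name)
    if expected is None:
        return False  # no published digest: nothing to vouch for the file
    actual = digest(data, algo)
    # Constant-time comparison is a habit worth keeping even for public digests.
    return hmac.compare_digest(actual, expected)


def publish(data: bytes, name: str, algo: str = "sha256") -> str:
    """Produce one checksum-list line for data, in sha256sum/md5sum format."""
    return f"{digest(data, algo)}  {name}\n"


# Constructed list as the project would publish it for the genuine image,
# and the list an attacker would swap in on a compromised download page.
PROJECT_LIST = publish(GENUINE_ISO, ISO_NAME)
ATTACKER_LIST = publish(BACKDOORED_ISO, ISO_NAME)


def demo() -> dict:
    """Run the three cases the article cares about and return the verdicts."""
    return {
        # Genuine image against the project's list: passes.
        "genuine_vs_project": verify(GENUINE_ISO, ISO_NAME, PROJECT_LIST),
        # Backdoored image against the project's list: caught.
        "backdoored_vs_project": verify(BACKDOORED_ISO, ISO_NAME, PROJECT_LIST),
        # Backdoored image against a list the attacker also replaced: passes,
        # which is why the list must be verified independently (GPG signature).
        "backdoored_vs_attacker": verify(BACKDOORED_ISO, ISO_NAME, ATTACKER_LIST),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK' if ok else 'MISMATCH'}")
```

The third verdict is the important one: the hash comparison is correct, the list is internally consistent, and the image is still backdoored. Nothing in a checksum tells you who published it, which is what a signature over the checksum list adds.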
About the author: Sara Six
I love all things security. Malware, adware and data breaches are on the rise. Informing the world and demystifying the dark world of cyber crime is what I live for.