The Linux Mint website was hacked on the 20th of February. The intruders succeeded in compromising the details and circulating a malicious ISO of the Linux Mint 17.3 Cinnamon edition. If you downloaded a Linux Mint version on the 20th of February, 2016, the chances are quite high that your system has been infected.
Of all the Linux distros available, Linux Mint remains one of the most popular and one of the best. A group of hackers recently managed to gain control of the Linux Mint website and replaced all the download links on it. These links directed users to one of the servers distributing a malicious ISO of the Cinnamon edition. The hackers had developed a modified version of Linux Mint with a backdoor in it. The announcement was made by the Linux Mint project head, Clement Lefebvre.
As of now, the issue affects the Linux Mint 17.3 Cinnamon edition downloaded on the 20th of February. The hackers accessed the website's server through the WordPress blog and then gained access to the www-data account. They then manipulated the Linux Mint download page so that it redirected to a malicious FTP (File Transfer Protocol) server that was found to be hosted in Bulgaria.
The Linux Mint team discovered the hack within a couple of hours and quickly cleared the links from the website. An announcement was made on the company's official blog. The company had to take the entire linuxmint.com domain offline to prevent the malicious ISO images from spreading among users. The official website is currently offline until the investigation team has fully worked out the problem. The hackers' motive for the attack has yet to be determined. The hackers are selling the database for only $85, which implies that they aren’t aware of the actual price of the software.
The hack seems to have been carried out by an inexperienced bunch of individuals, as they decided to infect the Linux distro with the aid of an IRC bot. This IRC bot was considered outdated in 2010. They could have used dangerous malware such as banking Trojans, but they didn’t. The hackers re-compromised the site even after the hack was detected, which makes it quite evident that this was done by hackers lacking experience.