In a surprising announcement, Clement Lefebvre -- head of the Linux Mint project -- said that the Linux Mint website had been compromised and that the hackers were able to edit the site to point to a malicious ISO of Linux Mint 17.3 Cinnamon edition on Saturday 20th, February.
If you downloaded the Cinnamon edition prior to Saturday or downloaded a different version/flavour (including Mint 17.3 Cinnamon via torrent or direct HTTP link) you aren't affected. It's worth mentioning that since the issue was caught, everything has since returned back to normal now so it's safe to download the Linux Mint ISOs again.
The blog post by Lefebvre explains how users can check the MD5 signature of any ISOs that they think might be infected. Users who do have an infected ISO are advised to delete the ISO, trash discs where the ISO has been burnt, and format USB sticks where the ISO was burnt.
For those who used the ISO to install the OS on their computer, the following steps are recommended:
- Take the computer offline,
- Backup personal data,
- Reinstall the OS (with a clean ISO) or format the partition,
- And change passwords to sites you used - especially email accounts.
It's not clear yet whether the team plans to have the authorities go after the hackers. The ISOs and the website the backdoor contacts are both hosted from Sofia, Bulgaria. The Mint team claim to have the name of three people who could be involved with the attack, giving authorities a good place to start, should they investigate.
For clarification, the ISOs on the Mint website are now clean - only those who downloaded an ISO on Saturday 20th, February need to be concerned. Linux is typically known to be quite resilient against malware, thanks to the architecture of the operating system as well as its relative obscurity when compared with Windows.