Linux Mint distributions have been compromised
The developers of one of the famous Linux distributions called Mint reported on a blog that their server was compromised, and the OS ISO distributions were modified (backdoored). It is indicated that it is worth paying attention to the downloads downloaded from the server on February 20. According to the developers, the Linux Mint 17.3 Cinnamon distribution was compromised.
Malicious distributions were placed at the IP address 5.104.175.212, and the backdoor itself is accessed at the URL address absentvodka.com. Below are the instructions for checking the downloaded distribution.
')
To check the downloaded distribution, compare its MD5 sum with the corresponding value of the legitimate distribution.
6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
The malicious version of the distribution kit is also indicated by the presence of the /var/lib/man.cy file in the installed OS. In the case of a malicious version installed, you should disconnect the computer from the network, back up the necessary data, and reinstall the OS. After that, it is recommended to change the credentials of their services.
Malicious distributions were placed at the IP address 5.104.175.212, and the backdoor itself is accessed at the URL address absentvodka.com. Below are the instructions for checking the downloaded distribution.
')
To check the downloaded distribution, compare its MD5 sum with the corresponding value of the legitimate distribution.
6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
The malicious version of the distribution kit is also indicated by the presence of the /var/lib/man.cy file in the installed OS. In the case of a malicious version installed, you should disconnect the computer from the network, back up the necessary data, and reinstall the OS. After that, it is recommended to change the credentials of their services.
Source: https://habr.com/ru/post/277675/
All Articles