Linux Mint hacked and ISOs backdoored
by Nikola Strahija on February 21st, 2016

One of the web servers hosting Linux Mint ISOs was compromised, and hackers uploaded modified ISOs of the 17.3 Cinnamon edition with a backdoor included.
If you downloaded any of the Linux Mint 17.3 edition ISOs from the official website on February 20th, 2016, you should compare the MD5 checksum of the downloaded file(s) against the list below by running "md5sum file.iso".
The valid checksums are below:
- 6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
- e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
- 30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
- 3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
- df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
If the checksums do not match, you can check for the backdoor by running the ISO within a virtual machine as a live session with Internet access disabled and listing the contents of /var/lib/man.cy. If it contains a file, you're looking at a compromised system.
Back up your personal data, if there is any, and reinstall your Linux Mint system with a fresh ISO downloaded through torrents, which aren't affected.
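The two checks described above, combined into one triage script. This is an added example, not code from the article or from the Linux Mint project. The function names and the MINT_MD5_MANIFEST variable are assumptions; the checksums and the /var/lib/man.cy path are the ones given above.

```shell
#!/bin/sh
# Added example: triage for the Linux Mint 17.3 Cinnamon ISOs named in the article.
# Known-good MD5 values copied from the list above ("<md5> <file name>" per line).
# MINT_MD5_MANIFEST is an assumed variable name; it can be overridden for testing.
MINT_MD5_MANIFEST=${MINT_MD5_MANIFEST:-"6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso"}

# verify_mint_iso FILE
# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or its
# name is not in the manifest (no basis for a verdict).
verify_mint_iso() {
    iso=$1
    [ -r "$iso" ] || { echo "cannot read: $iso" >&2; return 2; }
    name=$(basename "$iso")
    expected=$(printf '%s\n' "$MINT_MD5_MANIFEST" |
        awk -v n="$name" '$2 == n { print $1 }')
    [ -n "$expected" ] || { echo "no known-good checksum for: $name" >&2; return 2; }
    actual=$(md5sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK        $name"
        return 0
    fi
    echo "MISMATCH  $name (expected $expected, got $actual)"
    return 1
}

# check_mancy [ROOT]
# Returns 1 if ROOT/var/lib/man.cy exists and is not empty (a plain file at
# that path also counts), 0 otherwise. With no argument it inspects the
# running system, e.g. from inside the offline live session.
check_mancy() {
    dir=${1:-}/var/lib/man.cy
    if [ -e "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "INDICATOR $dir is not empty"
        return 1
    fi
    echo "clean     $dir"
    return 0
}

# Typical use after sourcing this file:
#   verify_mint_iso ~/Downloads/linuxmint-17.3-cinnamon-64bit.iso
#   check_mancy            # inside the live session booted from the ISO
```

A renamed ISO returns 2 rather than a pass, so keep the original file name when checking.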
Clem from Linux Mint writes: "The hacked ISOs are hosted on 22.214.171.124 and the backdoor connects to absentvodka.com. Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don't know their roles in this, but if we ask for an investigation, this is where it will start."