Users of Linux Mint, and the official support forums, warned that both the site and the software have been hacked.
Linux Mint claims to be “the 3rd most popular desktop operating system in the World behind Microsoft Windows and Apple Mac OS” according to its Facebook support page. That same page states that “our mission is to design the most elegant, powerful yet easy to use desktop operating system for office and home users.” Now some observers are wondering if security should also have been on that list.
On 21st February, a statement appeared on the official Linux Mint blog with the news that “hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.” Yes, you read that right: the Linux Mint website was compromised and the perpetrators changed links pointing to the official download to their hacked, and back-doored, version somewhere in Bulgaria instead. At least the source code itself wasn’t compromised, as the Mint repositories themselves were not hacked, and the same goes for the official Mint download ISOs and checksums.
Anyone who installed Linux Mint from an ISO image that was downloaded via the links on the official website, over the weekend, and didn’t validate the checksum against the official list will probably be running that compromised version.