Linux Mint Cinnamon compromised
In light of the news regarding Linux Mint, below are commentary and tips from Wim Remes, Manager EMEA at Rapid7.
“It was reported that Linux Mint had their website compromised and the hackers
managed to point links for their official “Cinnamon” edition to an alternative
compromised version. The issue, as far as we can tell, only extends to the ISO
versions of the Mint distribution and not the repositories from which systems pull
their updates. This means that everyone who installed Linux Mint from an ISO image
downloaded through the link on the Linux Mint website has a potentially back-doored
version running. This can easily be identified by looking for the file
/var/lib/man.cy, which is a backdoor that allows the attackers to interact with the
system using IRC.
Once again we are reminded of what we need to do to make sure we use valid software,
especially when we download it from the Internet:
- Always prefer HTTPS vs HTTP for software downloads. Do verify the SSL certificate
in case you are questioning the source.
- Obtain the MD5/SHA1 checksums IF they can be obtained from a validated source. In
this case, the attackers would’ve modified the checksums as well as the links to the
images, so if you obtained the checksums from the same site, this would not have
triggered any warnings.
- It is preferred to work from a known good image that you obtained a while ago and
update/upgrade packages from there over quickly downloading a new ISO.”
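The two checks described in the commentary above, as an added shell example that is not part of Wim Remes's statement: looking for the `/var/lib/man.cy` indicator and comparing a downloaded image against a digest obtained from a source other than the download site. The function names and the optional `ROOT` prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original commentary.

# Indicator path named in the commentary.
INDICATOR="/var/lib/man.cy"

# has_backdoor_indicator [ROOT]
# ROOT is an optional prefix (assumption: e.g. a mounted disk image);
# empty means the live system. Returns 0 if the indicator file exists.
has_backdoor_indicator() {
    local root="${1:-}"
    [ -e "${root%/}${INDICATOR}" ]
}

# digest_tool HEX: print the coreutils tool matching the digest length.
digest_tool() {
    case "${#1}" in
        32) echo md5sum ;;
        40) echo sha1sum ;;
        64) echo sha256sum ;;
        *)  return 1 ;;
    esac
}

# verify_image FILE TRUSTED_HEX
# TRUSTED_HEX must come from a source other than the site that served
# FILE; a checksum copied from the same page proves nothing.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    local file="$1" trusted tool actual
    trusted="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -r "$file" ] || return 2
    case "$trusted" in *[!0-9a-f]*|'') return 2 ;; esac
    tool="$(digest_tool "$trusted")" || return 2
    actual="$("$tool" < "$file" | cut -d' ' -f1)"
    [ "$actual" = "$trusted" ]
}
```

Source the file, then call `has_backdoor_indicator` with no argument to check the running system, or `verify_image` with the path to the image and the independently obtained digest.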