We live under a constant threat of insecurity in the virtual space, as shown by hackers placing a backdoor in Linux Mint. It has become more difficult to tell authentic files from scams when downloading from the Internet. Sometimes you might not even be aware that your software has been modified.
The hackers managed to breach the Linux Mint website and thus trick users into unknowingly downloading a modified Linux Mint 17.3 Cinnamon ISO. It appears the files were downloaded from a server in Bulgaria. This goes to show that download links on official websites can no longer be trusted, and users will have to verify the software themselves before downloading and installing it.
According to project leader Clem Lefebvre, the hackers created their own Linux Mint ISO that included a backdoor and then hacked the official Linux Mint website to point the download link to it. At the moment, the server is offline while the company is trying to resolve the issues.
But how could this happen on an official and reliable source? It seems the hacker exploited a certain flaw in WordPress. In this way he managed to get his hands on a www-data shell. Even though the website was updated to the latest version of WordPress, it also used a customized theme, along with the “lax permissions for a few hours” option. This permitted the attacker to find a way in. However, file permissions were not the only mistake made by the Linux Mint team.
The database was not secured as it should have been, because the attackers also breached the community forums and gained access to user information. Furthermore, the Linux Mint website uses phpBB, infamous for its security vulnerabilities. Not to mention that the database username had the same name as the database itself: “lms14”. Unsurprisingly, the password was “upMint”, which shows clear signs of neglect and disregard for the security of the website.
All of you who downloaded the Linux Mint 17.3 Cinnamon ISO on February 20 are advised to delete the file and download the correct one. However, if you have already installed the ISO, you will need to take your system offline and re-install the real version. You also have the option of using an older version and then updating by using the repository packages.
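One way to do the verification described above, as an added example that is not from the Linux Mint project or the original article: authenticate the checksum list with a signing key whose fingerprint was obtained out of band, and only then compare the ISO's SHA-256 against it. The file names, the function names and the fingerprint argument are placeholders, and the signing key is assumed to be in the local GnuPG keyring already.

```shell
#!/bin/sh
# Added example. A checksum published on the same site as the download proves
# nothing if that site is compromised, so the checksum list is authenticated first.

# Succeeds only if SIG is a valid signature over SUMS made by the key with the
# full fingerprint EXPECTED_FPR (uppercase hex, no spaces, obtained out of band).
verify_sums_signature() {
    local sums="$1" sig="$2" expected_fpr="$3" status
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null) || return 1
    # VALIDSIG names the key that actually signed (signing key first, primary last).
    printf '%s\n' "$status" | awk -v f="$expected_fpr" \
        '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 } END { exit !ok }'
}

# Succeeds only if SUMS (sha256sum format: "<hex>  <name>") lists the ISO's file
# name and the listed digest equals the digest of the local file.
# Returns 2 when the ISO is not listed, 1 on mismatch. Assumes no spaces in names.
check_iso_digest() {
    local iso="$1" sums="$2" name listed actual
    name=$(basename "$iso")
    # Exact match on the name field; tolerate the "*" binary-mode marker.
    listed=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$listed" ] || { echo "no entry for $name in $sums" >&2; return 2; }
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    [ "$listed" = "$actual" ] || { echo "DIGEST MISMATCH for $name" >&2; return 1; }
}

# Order matters: trust the digest only after the list that carries it is verified.
verify_iso() {
    local iso="$1" sums="$2" sig="$3" fpr="$4"
    verify_sums_signature "$sums" "$sig" "$fpr" \
        || { echo "checksum list is not signed by $fpr" >&2; return 1; }
    check_iso_digest "$iso" "$sums"
}

# Usage (placeholder names):
#   verify_iso image.iso sums.txt sums.txt.sig <FULL_FINGERPRINT> && echo "ISO verified"
```

Pinning the fingerprint matters because a plain "good signature" result only means some key in the keyring signed the file, not that the expected key did.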
This is the first time hackers have placed a backdoor in Linux Mint, and Lefebvre believes that communication is the key to recovery.