Xubuntu's website was hacked to spread a malware, fixed now

[harlan4096]

Xubuntu's website was the latest to fall victim to hackers. The attackers replaced the download links with a malicious one.

For those unaware, Xubuntu is one of the official flavors of Ubuntu, i.e. a fork/derivate of the distro. The name is a portmanteau of Xfce and Ubuntu.

Anyway, from what I can tell from user reports, the attackers replaced the download links on Xubuntu.org with a malicious one. So instead of downloading a .torrent file, it downloaded some ZIP archive that contained the malicious file.

Here is a screenshot of what the malware looks like.


(Image courtesy reddit user Buty935)

Notice that it says Target Windows Version? That, combined with the EXE in the name, seems to suggest they were targeting Windows users. Perhaps users who are moving away from Windows 10, but weren't familiar with Linux or torrents? Despite what users might think, it is not a Linux malware. It installed itself to appdata, which only exists on Windows. The malware seems to be impersonating a GUI based downloader for Ubuntu. It stealthily runs some command prompts in the background to deliver the payload.

Continue Reading...