Users attempting to download Xubuntu, a lightweight Linux distribution derived from Ubuntu, are reporting getting malware instead. The project’s maintainers have temporarily disabled dowloads.
According to user reports on Reddit communities, Xubuntu’s website has likely fallen victim to hackers, who replaced torrent download links with malicious ones that serve ZIP archive with a suspicious executable.
The executable runs fake “Xubuntu – Safe Downloader.” Dozens of security vendors already have flagged this file as a malicious trojan.
Xubuntu is a lightweight and configurable desktop environment, a derivative of Ubuntu. Instead of GNOME desktop, Xubuntu is based on Xfce, a fast, simple and modular desktop environment, which is less taxing on the hardware.
The incident comes at a critical time, with many Windows 10 users looking to replace the discontinued OS, which is no longer receiving security updates.
Some tech pros noted that the malware replaces crypto wallet addresses with attacker-controlled ones. However, the associated wallets haven’t received any bitcoins or ethereum. It’s likely that malware is capable of more.
In a sandbox environment, the fake downloader prompts users to select a “Target Windows Version,” but the dropdown contains only Xubuntu as options. This suggests that the malicious package may have been adapted from previous campaigns originally targeting Windows systems.
Following the reports of the compromise, a user likely representing the Xubuntu team, acknowledged “a bit of a slip-up” on Reddit.
“We’re beholden to our hosting environment for upgrades and it looks like there was a bit of a slip-up here. It's being worked on, but for now the Downloads page is disabled,” a user under the moniker pleia2 posted.
The Cybernews community is talking about this. Be a part of the conversation.
“We’re in the process of migrating to a static environment which should make things like this a thing of the past, but our team is quite small and busy.”
Any users who ran the fake downloader are advised to rotate passwords, terminate active sessions on web accounts, messengers and other services, transfer any crypto assets to new wallets, reinstall (or wipe) Windows and check partitions for potential file compromises.
Unlock more exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked