The official website of Xubuntu, one of the most popular Ubuntu-based Linux distributions, has been compromised by hackers. Attackers silently replaced the legitimate download links with malicious files, exposing unsuspecting visitors to malware. The incident was first reported by users on Reddit and other tech forums.

Fake Torrents and a Trojanized Downloader

Under normal circumstances, downloading Xubuntu involves retrieving a .torrent file that securely fetches the Linux ISO image. However, in this attack, the download links on Xubuntu.org were modified to point to a ZIP archive containing a Windows executable named TestCompany.SafeDownloader.exe.

Once launched, the fake installer mimics a genuine Ubuntu downloader with a simple graphical interface — but secretly executes background commands to install malware.

Interestingly, the malicious file only targets Windows users. According to an analysis on VirusTotal, 26 out of 72 antivirus engines detect the executable as dangerous. Security experts believe the program is a crypto clipper — a type of malware that intercepts cryptocurrency wallet addresses copied to the clipboard and replaces them with those belonging to the attackers.

In short, anyone infected risks having their crypto transactions redirected to the hackers’ wallets.

Linux Versions Remain Safe — But Caution Is Advised

Fortunately, early reports confirm that the official torrent files and Xubuntu mirrors were not compromised. The intrusion appears to have affected only the main Xubuntu.org website.

The project’s team released a brief statement mentioning an “incident in their hosting environment” and has temporarily disabled the download page.

However, the communication has been criticized for being too vague, leaving key questions unanswered — such as how the attackers gained access and how many users might be affected.

Since the breach, the website has reverted to an older version from April 2024, with the download section partially disabled — likely a temporary emergency rollback to contain the threat.

How to Stay Safe

If you recently downloaded Xubuntu from the official website, take the following steps immediately:

  1. Verify file integrity — Check the SHA256 checksums of your installation files against the official values.
  2. Run a full antivirus scan — Use an up-to-date antivirus or malware removal tool to check for infections.
  3. Reinstall if uncertain — If anything seems suspicious, reinstall your system using a verified ISO from the official Ubuntu website or a trusted mirror.

It’s also recommended to avoid unofficial download links and always verify digital signatures when available.
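
One way to carry out step 1 and catch the substitution described above (a ZIP holding a Windows executable served in place of the expected download). This is an added example, not code from the Xubuntu project. The function names are hypothetical, and it assumes the SHA256SUMS text was obtained from a trusted mirror rather than from the affected site.

```python
import hashlib
import os
import zipfile

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so a multi-gigabyte image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def parse_sha256sums(text):
    """Parse sha256sum-style lines: '<64 hex digits> [*]<file name>'."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            sums[parts[1].strip().lstrip("*")] = parts[0].lower()
    return sums

def file_kind(path):
    """Identify the file by its content, not by its name or extension."""
    with open(path, "rb") as f:
        head = f.read(4)
        f.seek(0x8001)  # offset of the ISO 9660 "CD001" identifier
        iso_tag = f.read(5)
    if iso_tag == b"CD001":
        return "iso9660"
    for magic, kind in ((b"PK\x03\x04", "zip"), (b"MZ", "windows-executable")):
        if head.startswith(magic):
            return kind
    return "unknown"

def check_download(path, sha256sums_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    kind = file_kind(path)
    if kind != "iso9660":
        findings.append(f"not an ISO image (content looks like: {kind})")
    if kind == "zip":
        with zipfile.ZipFile(path) as archive:
            exes = [n for n in archive.namelist() if n.lower().endswith(".exe")]
        findings += [f"archive contains a Windows executable: {n}" for n in exes]
    expected = parse_sha256sums(sha256sums_text).get(os.path.basename(path))
    if expected is None:
        findings.append("file name is not listed in SHA256SUMS")
    elif sha256_of(path) != expected:
        findings.append("SHA256 does not match the published value")
    return findings
```

Call `check_download(path, sums_text)` on the downloaded file; any returned finding means the file should not be opened or run.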

The Bottom Line

This attack highlights the increasing trend of supply-chain compromises targeting open-source projects. Even trusted Linux distributions can become vectors for Windows malware when their infrastructure is breached.

Until Xubuntu.org confirms the integrity of its download servers, users should avoid downloading from the site and rely instead on official Ubuntu mirrors.
