Hackers are targeting Linux. Xubuntu is their latest victim.

  • The Xubuntu website has been hacked.
  • The attackers have taken advantage of an old WordPress bug.
  • If the file you download is a ZIP, be careful.

Xubuntu offers viruses: it's been hacked

These aren't the best of times for Linux. While the operating systems themselves remain, as usual, quite secure, various projects are suffering attacks for reasons unknown. The latest to join the list of attacked projects is Xubuntu, and to save time and headaches, let's get straight to the point: don't download anything from xubuntu.org, or if you do, be careful what you're downloading.

At the time of writing this article (and believe me when I say I'd like to edit it because the news has already been published), when you go to the official Xubuntu website and click on one of the download buttons, what your browser will download is a file called Xubuntu-Safe-Download.zip. The name alone, "Xubuntu Safe Download," should give you pause. Also, the file should be an ISO image, not a ZIP archive.

UPDATED: The Xubuntu-Safe-Download.zip file is no longer available, and I'm not sure if it ever was. There are two possibilities:

  • that it was available and they have already deleted it.
  • that the hack wasn't very malicious and that the only thing they did was replace the download link with another one that gives an error.

Xubuntu now; before it, AUR, Red Hat, Fedora…

The download link leads to the official domain, to the WordPress content section, so it seems that the hack is total: they have gotten into the site's control panel and uploaded the malicious file there.

What they haven't hacked is the Ubuntu cdimage server, and if you are interested in downloading Xubuntu you can do so from this link for the latest version and from this other one for 24.04.3 LTS. Both regular and minimal versions are available, including the software needed to boot the operating system and perform basic tasks.
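As noted above, a real Xubuntu download is an ISO image, not a ZIP archive. The following sketch is an added example, not code from Xubuntu or from this article: it identifies a download by its content rather than its name and then compares its SHA-256 digest against a `SHA256SUMS`-style listing. It assumes the listing was obtained from a source you trust, separately from the compromised site; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os

ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
ISO_ID_OFFSET = 0x8001  # ISO 9660 "CD001" marker: 1 byte into sector 16


def classify_download(path):
    """Return 'zip', 'iso9660' or 'unknown' from content, ignoring the file name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
        fh.seek(ISO_ID_OFFSET)
        iso_id = fh.read(5)
    if head in ZIP_MAGICS:
        return "zip"
    return "iso9660" if iso_id == b"CD001" else "unknown"


def sha256_of(path):
    """Hash the file in 1 MiB chunks so multi-gigabyte images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_image(path, sums_text):
    """Accept only ISO 9660 content whose digest matches its SHA256SUMS entry."""
    kind = classify_download(path)
    if kind != "iso9660":
        return (False, f"content is {kind}, not an ISO image")
    name, actual = os.path.basename(path), sha256_of(path)
    for line in sums_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[1].lstrip("*") == name:
            ok = fields[0].lower() == actual
            return (ok, "ok" if ok else "digest mismatch")
    return (False, "file not listed")


def make_sample(directory, name, kind):
    """Write a constructed test file: a bare ISO 9660 marker or a ZIP header."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        if kind == "iso":
            fh.write(b"\x00" * 0x8000 + b"\x01CD001\x01\x00")
        else:
            fh.write(b"PK\x03\x04" + b"\x00" * 26)
    return path
```

A ZIP renamed to `.iso` is still reported as `zip`, because the check reads the file's magic bytes instead of trusting the extension.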

This new attack follows others such as one on the AUR, Red Hat's GitLab, and another DDoS attack on Fedora.

The reason to be calm

We have reason to be calm. As we read in places such as Reddit, these attacks are almost entirely (if not entirely) directed at websites, and don't extend to operating systems. In the case of Xubuntu, it appears they've exploited an old WordPress vulnerability. What we do need to be careful about is downloading anything infected.

What's behind these attacks? Impossible to know. Some joke that it's finally the year of Linux, and that's what happens when something popular is used. I think they're simply going to be annoying, and now it's our turn. Whatever the reason, be careful and use common sense.