I’m sorry I have to come with bad news.
Does this affect you?
As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.
How to check if your ISO is compromised?
The valid signatures are below:
Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.
What to do if you are affected?
Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.
If you installed this ISO on a computer:
- Put the computer offline.
- Backup your personal data, if any.
- Reinstall the OS or format the partition.
- Change your passwords for sensitive websites (for your email in particular).
Is everything back to normal now?
Not yet. We took the server down while we’re fixing the issue.
Who did that?
The hacked ISOs are hosted on 126.96.36.199 and the backdoor connects to absentvodka.com.
If you’ve been affected by this, please do let us know.