The Xubuntu team has reported a troubling incident regarding their website, detailing the events surrounding a website hijack that occurred last month. On October 15, the official Xubuntu download page began serving a harmful .zip file when users attempted to download the official torrent. Although the erroneous link was swiftly identified and remedied, it raised concerns about how this breach occurred and whether further downloads were affected.
Following an investigation by the Canonical Security team, the Xubuntu team clarified that the breach was limited to their website, which operates on WordPress and is managed by Canonical. A malicious actor exploited a vulnerability in the WordPress installation through a brute-force attack, injecting code that replaced Xubuntu’s legitimate torrent links with links to a compromised ZIP file. This file contained a Windows executable designed to intercept cryptocurrency account links copied to a user’s clipboard. Users who downloaded a file named Xubuntu-Safe-Download.zip are advised to delete it and run trusted antivirus software.
Fortunately, other parts of the Xubuntu ecosystem, including official ISO mirrors and build systems, were not compromised, and the installed versions of Xubuntu on user machines remained safe. Upon detecting the malware, Canonical’s security team acted quickly to secure the site and disable the affected torrent links.
In light of this incident, the Xubuntu team expressed sincere regret over the impact it had on their community and emphasized the seriousness of the breach. They have committed to reassessing how they manage their online presence to prevent similar issues in the future. The Canonical security team has since removed the malicious code, restored the site to a previous safe state, and secured the WordPress installation.
To prevent future occurrences, Xubuntu plans to migrate their official website from WordPress to Hugo, a static site generator that eliminates the attack vector exploited during this breach. Though plans to revamp their web presence were already in place, this incident provided additional motivation to expedite the transition.
A positive aspect of the situation was the swift response from the Xubuntu community, which played a crucial role in identifying and reporting the issue. Team members acknowledged the support they received, highlighting the community’s strong commitment to ensuring safety from malicious downloads.
As the security issue has been resolved and their new static website is in the works, Xubuntu’s developers are refocusing their efforts on the code and are looking forward to an upcoming Long-Term Support (LTS) release. They are currently seeking new contributors and encourage participation in various tasks, such as documentation and community support. More information can be found on the Xubuntu Contribute page.
