::Trend Micro Threat Resource Center::

21 February 2016

Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System


Are you also one of the people who downloaded Linux Mint on February 20th? You may have been infected!
Linux Mint is one of the best and most popular Linux distros available today, but if you downloaded and installed the operating system recently, you might have done so using a malicious ISO image.

Here's why:
Last night, an unknown hacker or group of hackers managed to break into the Linux Mint website and replaced the download links on the site so that they pointed to one of their own servers, which served a malicious ISO image of the Linux Mint 17.3 Cinnamon Edition.

"Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," Clement Lefebvre, head of the Linux Mint project, said in a surprising announcement dated February 21, 2016.

Who is affected?
As far as the Linux Mint team knows, the issue affects only one edition: Linux Mint 17.3 Cinnamon.

The compromise happened last night, so the issue only impacts people who downloaded the above-mentioned version of Linux Mint on February 20th.

If you downloaded the Cinnamon edition, or any other release, before Saturday, 20 February, the issue does not affect you. Downloads of a different edition, or of Mint 17.3 Cinnamon via torrent or a direct HTTP link, are not affected either.

What Happened?
The hackers are believed to have accessed the underlying server via the team's WordPress blog, gaining a shell as the www-data user.

From there, the hackers manipulated the Linux Mint download page and pointed it to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: 5.104.175.212), the investigative team discovered.

The infected Linux ISO images installed the complete OS together with the Internet Relay Chat (IRC) backdoor Tsunami, giving the attackers access to the system via IRC servers.
Tsunami is a well-known Linux ELF trojan: a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers vs. Linux Mint SysAdmins
The Linux Mint team discovered the hack, quickly cleaned up the links on their website and announced the breach on their official blog; the hackers then appear to have compromised the download page again.

Having not yet closed the hackers' exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to stop the malicious ISO images from spreading to its users.

The official Linux Mint website will remain offline until the team has fully investigated the issue.
The hackers' motive for the attack is not yet clear.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," Lefebvre added.

Hackers Selling Linux Mint Website's Database
The hackers are selling the full Linux Mint website database for just $85, which suggests a lack of experience on their part.

The hack appears to be the work of script kiddies or an inexperienced group: they chose to infect a top-shelf Linux distro with a simple IRC bot that was already considered outdated by early 2010, where a more capable attacker would have used more dangerous malware such as banking trojans.
Also, the hackers re-compromised the site even after the hack was initially discovered, which again points to their lack of experience.

Here's How to Protect your Linux Machine
Users who have the ISO image can verify its signature to make sure it is genuine.
To check for an infected download, compare the image's MD5 checksum with the official values listed in Lefebvre's blog post.
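As an added example (not code from the Linux Mint project or from this article), here is a small Python checker that streams a downloaded image through a hash and compares the result, in constant time, against an md5sum-style list of official values; the image bytes and the checksum list built in `demo()` are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # hash the image in 1 MiB pieces; ISOs are large


def parse_sums(text):
    """Parse 'HASH  filename' / 'HASH *filename' lines as md5sum writes them."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.lstrip().startswith("#"):
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries


def file_digest(path, algo="md5"):
    """Stream the file through the chosen hash instead of reading it whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, sums_text, algo="md5"):
    """True only when the file's digest equals the published one for its name."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False  # no published value for this filename: treat as unverified
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Constructed sample: a clean image and a tampered copy with the same name."""
    good = b"constructed sample image bytes\n" * 1000
    sums = hashlib.md5(good).hexdigest() + "  sample.iso\n"  # stands in for the published list
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "t"))
        paths = [os.path.join(d, "sample.iso"), os.path.join(d, "t", "sample.iso")]
        for p, data in zip(paths, (good, good + b"appended payload\n")):
            with open(p, "wb") as f:
                f.write(data)
        return {"clean": verify_download(paths[0], sums),
                "tampered": verify_download(paths[1], sums),
                "unlisted": verify_download(paths[0], "0" * 32 + "  other.iso\n")}
```

Because the attackers controlled the download page, a checksum list served from the same site could have been altered to match the backdoored image; take the published values (or, better, the detached GPG signature and the project's signing key) from a channel the attacker could not edit.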

If found infected, users are advised to follow these steps:

  • Take the computer offline.
  • Back up all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and emails.

You can read the full details about the hack here. The official website was not accessible at the time of writing. We'll update the story when we hear more.

19 February 2016

Netflix has a black market for passwords, and they sell for just 25 cents

Attention Netflix users! Have you noticed odd activity in your 'Recently Watched' queue? There is a possibility your account has been compromised: a recent malware and phishing campaign targeting users has led to an influx of credentials for sale on the Dark Web for as little as 25 cents.


It’s long been known that hackers are nabbing and selling Netflix passwords, but a new report this week from security firm Symantec suggests the problem is growing following the streaming site’s recent international expansion to 130 new regions.

For hackers, the expanding membership base of Netflix, which is now available in a total of 190 regions globally, means there are more opportunities than ever to steal and sell passwords.

While the cost of a subscription for the streaming service already seems pretty reasonable when you look at the (legal) alternatives, the rise of the black market in Netflix passwords shows some people are willing to pay a lot less even if it means breaking the law.

According to Symantec, hackers grab passwords mainly through phishing attacks where a Netflix user is tricked into hitting a malicious link in an email or website that leads them unknowingly to a fake login page for the service. Malware is also being used to harvest account information, the California-based security firm said.

The report also reveals that some cybercriminals are selling Netflix passwords on the dark Web for as little as 25 cents apiece. An ad lifted from the Web by Symantec shows a password vendor offering a minimum purchase of four accounts for a total of $1 and claiming to have 300,000 passwords in stock. Its "terms of service" instruct customers not to change any account details, as this would obviously alert the genuine subscriber to unauthorized activity.

Assuming the account details are indeed left untouched by the intruder, as a legitimate user you could still notice that your account has been compromised if your "recently watched" list says you've already streamed through the entire season of Making a Murderer when you know darn well you haven't (though why haven't you?).

The video-streaming service now has 75 million users worldwide, a figure that indicates there’s plenty of potential for the black market in stolen Netflix passwords to expand and go on operating.

If you suspect that your Netflix account has been receiving an unwelcome visitor (or visitors), be sure to run a check:

  • Go to the website haveibeenpwned.com.
  • Check the email address associated with your Netflix account.

Of course, if you'd rather be safe than sorry, you can skip that step and go straight to the fix: change your password. The important thing to remember is that you should also change the password on any other account that uses the same one.


15 February 2016

Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently

Don't try this at home! An interesting software bug discovered in Apple's iOS operating system could permanently kill your iPhone, iPad or iPod.



Yes, you heard me right.

An issue with the date and time system in iOS emerged recently when Reddit users started warning that setting the date on an iPhone, or any other iOS device, to January 1, 1970, will brick it permanently.

You can watch the whole process in the video given below. Even the usual recovery tricks do not work.


So you are strongly advised not to try this with your iOS device, unless you want to book a trip to your local Apple Store.

While I don’t have any intention or desire to try it out with my iPhone 6s to confirm the authenticity of the bug, it is pretty much clear based on reports that seem legitimate.

YouTuber Zach Straley first discovered the issue, which was later confirmed by iClarified, who tested the trick on an iOS device.

Affected iOS Devices
This bug affects any iOS device that uses a 64-bit A7, A8, A8X, A9 or A9X processor and runs iOS 8 or newer, including iPhones, iPads and iPod touches. Devices running 32-bit iOS versions are not affected by this issue.

How the Bug Kills the iPhone
The whole process comes down to this:

  • Set the date to January 1, 1970, via Settings on your iOS device.
  • Reboot your device, and you are done.

Your iPhone or iPad will no longer boot and will be stuck at the Apple logo. Even a recovery-mode restore or DFU mode will not let you restore the device; it remains stuck on the boot screen.


The device reportedly will not come back, and the only way to get it working again is to take it to an Apple Store.

The Only Way to Get Your iPhone Back
The bug is believed to be related to the UNIX epoch timestamp, which causes the kernel to crash. The only way to get the device back is to open its casing and physically disconnect the battery from the logic board, which can only be done with the help of Apple's Genius Bar.

This process will reset the iPhone's date and allow it to boot.

While there isn't any other fix at the moment, Apple is expected to come up with a software update to fix and unbrick the affected iOS devices.

Though some users are saying that letting the battery drain could make the iPhone work once again, that changing the SIM card could fix the issue, or that the device comes back after 5 hours, you are still advised not to try this on your device, as there is no guarantee these tricks are going to work.