Malware being hosted on xubuntu.org
Aaron Rainbolt
arraybolt3 at gmail.com
Sun Oct 19 02:05:18 UTC 2025
xubuntu.org appears to have been compromised. The torrent download
links at https://xubuntu.org/download/ all point to a file named
"Xubuntu-Safe-Download.zip", which contains a malicious Windows
executable according to
https://www.virustotal.com/gui/file/0f59f553fcfac3cac07aa7986eac914be069a6dd407b2d9f761f11d3e865b4f6/detection.
A user on Reddit ran the executable in a sandbox; it appears to be
masquerading as a downloader for Xubuntu. See https://imgur.com/JpkTCzh.
This is right on the heels of a previous compromise (which attempted to
make Windows users download a malicious "browser update" via a
full-screen popup). I would strongly suggest taking the xubuntu.org
website offline until steps can be taken to prevent another compromise
in the near future.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/xubuntu-devel/attachments/20251018/8620a1e1/attachment.sig>
More information about the xubuntu-devel
mailing list