CybserSecurity News

Tag: Xubuntu

  • Xubuntu Download Page Hacked: Malicious File Distributed for Several Days

    The Xubuntu team has released detailed information about the October incident during which the downloads page at https://xubuntu.org/download/ distributed a malicious file for several days instead of the usual torrent links. According to the report, an attacker gained access to the site by brute-forcing the password to a vulnerable WordPress component installed by Canonical for the project. After that, malicious code was embedded into the system, replacing the legitimate download links.

    The first warning about the suspicious file arrived on 15 October. Canonical immediately blocked the site, disabled the downloads page, and launched an investigation. From 15 to 19 October, specialists analyzed access logs, identified the intrusion path, removed all injected components, restored the affected pages, and strengthened WordPress security.

    By 19 October, community members confirmed that the malicious archive had been removed and that the page was once again safe. On 11 November, Canonical provided the team with a final summary: the vulnerability had been closed, the server reinforced with additional protections, and access to the downloads section restored in read-only mode in preparation for migration to a new platform.

    The incident affected only the web page and the substituted torrent files. The cdimages.ubuntu.com servers and the official Ubuntu repositories remained entirely secure, and mirrors were protected as long as they synchronized from official sources. Xubuntu’s build system, packages, and installation images were never compromised, and existing installations of the distribution were not at risk.

    Users who downloaded or opened the file Xubuntu-Safe-Download.zip during the attack window are advised to delete it and scan their systems with antivirus software. The team stresses that this is a standard precautionary measure for incidents of this nature.

    The breach accelerated Xubuntu’s transition to a Hugo-based static site, which eliminates entire classes of attacks that rely on WordPress vulnerabilities. The migration had been underway for some time, but the incident elevated it to a priority, and the new site is expected to launch soon.

  • Fake Xubuntu Installer Found Stealing Crypto on Official Website

    A malicious file was discovered in the downloads section of Xubuntu.org, the official website of the Ubuntu distribution featuring the Xfce desktop environment. The counterfeit installer, disguised as “Xubuntu — Safe Downloader,” was designed to steal cryptocurrency, though no reports of actual theft have been confirmed so far.

    The first warnings appeared on Reddit, where users noticed that the downloads page offered a suspicious ZIP archive containing an executable file and a text document outlining terms of use—curiously dated 2026.

    The fake application presented itself as a “verified safe installer,” but contained several inconsistencies, including an incorrect license and multiple spelling errors.

    The file was hosted within a WordPress directory, and the incident occurred roughly a month after a similar compromise in which the project’s blog was hacked to display online casino advertisements.

    Following the discovery, most sections of the website became inaccessible: menu pages returned a 503 Service Unavailable error, and download links redirected to the homepage. However, official system images remain available on Canonical’s mirrors for both the LTS and current releases.

    According to Reddit users, the malware operated as a crypto clipper—a program that saved elzvcf.exe to the AppData\Roaming directory, added itself to the system registry for automatic startup, and replaced cryptocurrency wallet addresses copied to the clipboard. Reports from Hacker News indicate that no financial losses have been observed.

    The Xubuntu development team explained that the issue stemmed from a failure in the hosting environment. The downloads section has been taken offline, and the project is migrating the website to a static platform to prevent similar incidents in the future.

    This episode highlights the fragility of community-maintained distribution infrastructure. Unlike Ubuntu Desktop, all derivative editions—such as Xubuntu, Kubuntu, and Lubuntu—are developed and maintained by volunteers. For instance, the official Lubuntu.me website was created after the team lost control of the Lubuntu.net domain, as documented in a 2018 announcement and subsequent discussions on Ask Ubuntu.

  • Xubuntu will stop providing 32-bit installation images from version 19.04

    Ubuntu 17.10 and many other Linux distributions have stopped providing 32-bit installation images earlier this year. But one of them still insists on providing an image for the i386 architecture, which is Xubuntu, but now Xubuntu also decided to give up the 32-bit installation image.

    Xubuntu and its lightweight Xfce desktop environment have continued to provide 32-bit installation images for those who wish to install this Linux distribution on older hardware. However, the Xubuntu development team now decided to move forward, so it gave up the build for 32-bit platforms. This decision will affect Xubuntu 19.04 and higher, but will not affect the current Xubuntu 18.04 LTS series.

    The development team announced the decision today and said it was made after the team voted.

    “This is an announcement that Xubuntu will no longer be shipping a 32-bit installation medium starting with Xubuntu 19.04. This decision comes after a team vote [1] that resulted in 6 of 10 members voting to remove the option, with no other votes posted.”