Sun Oct 19 02:05:34 2025: Request 191832 was acted upon. Transaction: Ticket created by [email protected] Queue: Hostmaster Subject: Malware being hosted on xubuntu.org Owner: Nobody Requestors: [email protected] Status: new Ticket <URL: https://rt.admin.canonical.com/Ticket/Display.html?id=191832 >
xubuntu.org appears to have been compromised. The torrent download links at https://xubuntu.org/download/ all point to a file named "Xubuntu-Safe-Download.zip", which contains a malicious Windows executable according to https://www.virustotal.com/gui/file/0f59f553fcfac3cac07aa7986eac914be069a6dd407b2d9f761f11d3e865b4f6/detection. A user on Reddit ran the executable in a sandbox; it appears to be masquerading as a downloader for Xubuntu. See https://imgur.com/JpkTCzh. This is right on the heels of a previous compromise (which attempted to make Windows users download a malicious "browser update" via a full-screen popup). I would strongly suggest taking the xubuntu.org website offline until steps can be taken to prevent another compromise in the near future.
pgpmuQ7Bt_vkE.pgp
Description: PGP signature
-- xubuntu-devel mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/xubuntu-devel
