"Torrent downloads over at https://xubuntu.org/download/ are serving a zip file with a suspicious exe and a tos.txt inside. The TOS starts with Copyright (c) 2026 Xubuntu.org which is sus, because it is 2025. I opened the .exe with file-roller and couldn't find any .torrent inside. The Windows app called itself "Xubuntu - Safe Downloader" and claimed to be: © 2025 Test Company - All rights reserved.Verified Safe Installer It had the latter phrase in green, with no space following the period, and none on the end. Also, it referred to the wrong software license."
"The file was in a WordPress path, and the suspicious activity follows a month after a similar report that the blog section of the site had been hacked, and was serving slot-machine adverts in non-English languages. The issues have now been made safe, to the extent that all the sub-pages linked from the site's top bar, from "About" to "The Blog", simply yield a 503 Service Unavailable error, and the Downloads URL simply redirects back to the main page."
Xubuntu.org's downloads section briefly served a zip containing a suspicious .exe and a tos.txt, with the TOS dated 2026 despite 2025 and no .torrent inside. The Windows executable identified itself as "Xubuntu - Safe Downloader", claimed © 2025 Test Company and displayed a malformed 'Verified Safe Installer' message and an incorrect license reference. The file was hosted in a WordPress path following an earlier blog compromise that served foreign-language gambling adverts. Site subpages now return 503 errors and the Downloads URL redirects; official ISOs remain available from Canonical's cdimage mirror and investigations continue.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]