Xubuntu website got hacked and is serving malware (trojan)

farsighter · October 2025

Just be aware, Xubuntu.org got hacked and their download button tries to download “Xubuntu-Safe-Download.zip”, that seems to include a fake TOS and an EXE, and Virustotal confirms malware (a Trojan) inside of it. Seems someone’s trying to get noobs from Windows that could be interested in Linux (more so now because the Win10 EOL)

https://www.reddit.com/r/linux/comments/1oad1m6/xubuntu_website_got_hacked_and_is_serving_malware/

MikeA · October 2025

Damn, that's really bad.

iriska · October 2025

404 on my side, file seems to have been removed.

If anyone has the zip please PM me, I couldn't get it in my sandbox in time.

angstrom · October 2025

@iriska said:
404 on my side, file seems to have been removed.

I think that the file was removed a while ago -- it's the web page + links that they haven't yet changed

iriska · October 2025

@angstrom said: I think that the file was removed a while ago -- it's the web page + links that they haven't yet changed

Seems you are correct. Surprised more AV vendors hadn't flagged it yet then.

shallownorthdakota · October 2025

this_file_is_totally_not_a_virus_swearsies.bat

Protocol903 · October 2025

@iriska said: Seems you are correct. Surprised more AV vendors hadn't flagged it yet then.

I have this conspiracy theory where actual 2-3 AVs do the job and rest just wait for signature/behavior pattern to be published by those AVs through some group chat.

varwww · October 2025

xubuntu.org keeps getting hacked since it runs an outdated wordpress version by canonical. I keep complaining every few months on their IRC channel, they revert it and it gets hacked again few days later.

if you want safe download links use https://cdimage.ubuntu.com/xubuntu/releases/ It is hosted on a different container apparently.

uekix · October 2025

Nice try, Fedora.

CloudHopper · October 2025

@varwww said:
xubuntu.org keeps getting hacked since it runs an outdated wordpress version by canonical. I keep complaining every few months on their IRC channel, they revert it and it gets hacked again few days later.

if you want safe download links use https://cdimage.ubuntu.com/xubuntu/releases/ It is hosted on a different container apparently.

The fact that they can't do the basics to manage their website makes me sceptical of the entire Distro. Red flags being red flags and all of that...

Neoon · October 2025

@CloudHopper said:

@varwww said:
xubuntu.org keeps getting hacked since it runs an outdated wordpress version by canonical. I keep complaining every few months on their IRC channel, they revert it and it gets hacked again few days later.

if you want safe download links use https://cdimage.ubuntu.com/xubuntu/releases/ It is hosted on a different container apparently.

The fact that they can't do the basics to manage their website makes me sceptical of the entire Distro. Red flags being red flags and all of that...

Duh, businesses, run their Wordpress instances like this.
Seems kinda normal for some.