Date: 2025-10-21
Malware, Supply chain

Xubuntu compromised to deliver crypto-stealing malware

Xubuntu, the Ubuntu-based Linux distribution using the Xfce desktop environment, had its downloads page compromised to deliver cryptocurrency-stealing malware, The Register reports. Multiple reports on Reddit, including on the Xubuntu subreddit, noted that torrents downloaded from Xubuntu's website included a ZIP file with a dubious executable and a tos.txt file, with the former not having a .torrent file and the latter having a suspicious copyright dated 2026. Further analysis of the 'Xubuntu Safe Downloader' Windows app showed an improper software license. Another report on Reddit noted that the installer launches a cryptocurrency clipper payload, which saves an executable to AppData Roaming before proceeding with registry key configuration for persistence and startup execution. Actual cryptocurrency exfiltration as a result of the malware has not been observed so far. Xubuntu has disabled its downloads page while addressing the issue. "We're in the process of migrating to a static environment which should make things like this a thing of the past, but our team is quite small and busy," said Xubuntu on Reddit.

