This isn’t the kind of news I enjoy sharing, but unfortunately, it’s part of the story we have to tell. Here’s what’s going on. A Reddit user has raised a serious security concern, claiming that the official Xubuntu website may have been compromised and was briefly serving malware through its download page.
According to the post, clicking the site’s “Download” button reportedly led to a file named “Xubuntu-Safe-Download.zip”, which contained a Windows executable identified by VirusTotal as a Trojan. The malicious file appeared to masquerade as an installer and included a fake terms-of-service document to look legitimate.
The report suggests the malware acted as a crypto clipper, designed to hijack cryptocurrency transactions by replacing wallet addresses copied to the clipboard with those belonging to the attacker.
At the time of the report, the malicious redirection was said to have been active for around six hours before the Xubuntu team removed the compromised link. Right now, clicking the “Download” link on the website doesn’t do anything — it just sends you back to the homepage, confirming suspicions that something’s not right.
As of now, the project has not issued any official statement confirming or denying the incident, and it’s unclear how the alleged breach occurred. For now, users are advised to wait for an official update from the Xubuntu (or Canonical teams) before concluding.
Community members have urged caution and advised users who may have downloaded anything from the Xubuntu website during the affected period to verify file integrity using checksums or to download the official images from Ubuntu’s verified mirrors instead.
And finally, we cannot fail to mention that this report comes amid a string of recent security issues affecting some major Linux-related projects. In the last few months alone, the Arch AUR faced a package compromise, Red Hat’s GitLab instance was breached, and Fedora’s and Arch’s infrastructure suffered a DDoS attack that temporarily disrupted some of its services.
While these incidents differ in nature and impact, the growing trend of bad actors targeting major Linux projects is hard to ignore. Hopefully, though, this won’t keep happening—because going after open-source projects is not only deeply unethical but also creates a lot of confusion in the community about why anyone would even do it in the first place.
