Someone managed to insert a compromised file into the downloads section of the website for Xubuntu, the official Ubuntu flavor with the Xfce desktop environment. The malware was designed to steal cryptocurrency, but so far, there are no reports of actual theft.

Investigations are continuing, but over the weekend, there were several Reddit reports, such as this one in the Xubuntu subreddit , that the downloads page on the main Xubuntu.org site had been compromised:

Torrent downloads over at https://xubuntu.org/download/ are serving a zip file with a suspicious exe and a tos.txt inside. The TOS starts with Copyright (c) 2026 Xubuntu.org which is sus, because it is 2025. I opened the .exe with file-roller and couldn't find any .torrent inside.

The Windows app called itself "Xubuntu — Safe

See Full Page