Linux Mint Server Compromised, Spread Malware

As reported by The Linux Mint Blog (archived), their own web server has been compromised. An admin named Clem alleges that on February 20th, Bulgarian attackers changed a URL pointing to an ISO file for "Linux Mint 17.3 Cinnamon edition." Unsuspecting users were instead sent to "5.104.175.212" (archived), which hosted a modified file containing "Tsunami" (archived) malware. WordPress is blamed in the same blog post for having given unauthorized access to a www-data shell. Of course these kinds of tricks are easily defeated by the use of strong cryptography such as GPG, but that kind of hygiene is beyond the patience the typical Linux user can be expected to muster. The blog post also lists MD5 checksums of the supposedly correct files, but these unreliable checksums are not themselves contained within a signed statement.
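
The point about unsigned checksums, as an added example (not from the original post or from the Linux Mint project): a shell function that accepts an ISO only if its digest appears in a checksum list whose detached GPG signature verifies against a keyring obtained out of band. The function name `verify_release`, the file arguments, and the use of SHA-256 in place of MD5 are assumptions made for the illustration.

```shell
# verify_release ISO SUMS SIG KEYRING   (hypothetical helper, added example)
#   ISO      downloaded image
#   SUMS     checksum list in sha256sum format ("<hex>  <name>")
#   SIG      detached OpenPGP signature over SUMS
#   KEYRING  exported public key(s) of the release signer, obtained out of
#            band (not from the server that served ISO, SUMS and SIG)
# Exit status: 0 accept, 1 checksum list not authenticated,
#              2 ISO not listed, 3 digest mismatch.
verify_release() {
    iso=$1 sums=$2 sig=$3 keyring=$4

    # Step 1: authenticate the checksum list. gpgv consults only the given
    # keyring, so a key published next to a swapped ISO is ignored.
    # A missing gpgv also lands here: the function fails closed.
    if ! gpgv --keyring "$keyring" "$sig" "$sums" >/dev/null 2>&1; then
        echo "REJECT: checksum list is not signed by a trusted key" >&2
        return 1
    fi

    # Step 2: only now is the list worth reading. Look up the ISO by name
    # (sha256sum writes "name" in text mode and "*name" in binary mode).
    # Assumes file names without whitespace.
    name=$(basename "$iso")
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "REJECT: $name is not in the signed list" >&2
        return 2
    fi

    # Step 3: compare against the digest of the bytes actually downloaded.
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "REJECT: digest mismatch for $name" >&2
        return 3
    fi
    echo "OK: $name matches the signed checksum list"
}
```

Rewriting the checksum list to match a modified ISO makes step 1 fail, which is the property a bare checksum on a compromised web page lacks.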
