Highly Suspected Compromised Solus ISO / Rootkits Post Fresh Install

Nothing like a little FUD late in the evening to warm our hearts.

Wow Kyrios, I had never noticed that (probably because I'd never wanted to use it). Good to know it's there though.

Cursory research reveals English Bob is a y'tuber w/4800 subs, and one year ago he released a video about Solus called "Solus/Linux Security Blah Blah" (I forgot the rest). One can see Doherty barking at him in the comments like the old days
Anyway, I will bet an entire paycheck, without watching the vid, that rootkits never came up...you think someone would know by now, eh?

My 2 cents? This thread-posting brought to you 100% by a concerned competitor who views Solus a threat.....
(you see this in business all the time)

brent Let's be civil please. As far as I can tell Mark is just a concerned citizen who doesn't understand that he brought this to our attention poorly and most likely doesn't have the technical background or evidence to make such a claim.

DataDrake Fair enough, did not mean to step out of line.

brent Well just remember that this is the internet and it is easy to think the worst of people when they aren't right in front of you.

DataDrake You know how the fake reviews (good or bad) on yelp are so easy to spot? That's was this reminded me of. You are right, of course, character aspersion comes into play in the delicate art of calling someone out...(will refrain in the future). Sorry to steer it off-topic.

I did have proof that I had the hidden wasp or another variant of the Chinese malware but I did not document it because I did not have time. I stay pretty busy with my work as an IT Professional. The symptoms I experienced screams malware over my nearly decade of experience.

Please with all due respect you need not cop an attitude. Please simply address the issue like a responsible developer. I told people that I'm sure you guys would handle it and to be sure to verify there Iso's. Would you like to help me resolve my issues so that on a reinstall of Solus this does not happen again.

I left a symptoms list below. I apologize for the delay in responding as I've been dealing with this. I am actually now having similar quirkiness in Peppermint 10 OS. I am beginning to think it's an issue affecting a wide range of very popular distros based on my research.

Symptoms:

Opening Files with other File Contents and not changing to the current file being opened.
Dropping of browsers and downloads at random.
Core System Files modified containing ld.so
RKHunter revealing a warning showing 3 possible rootkits

brent brent please leave the discussion if your not interested in contributing to a fix. I am a IT services professional. I've nothing but love and appreciation for the Solus OS Project. This was not written to malign anyone. It's a very real and significant issue.

I am working with someone to resolve my issues. I will have content on this so you might want to watch how you portray yourself especially if your a member of the team because that reflects on how people see the distro.

kyrios Thanks for the input I am brand new to the Solus Forum. I can repost there or you guys might move it for me. Now I know so I will do just that going forward with security issues. No distro is perfect but it's just how you respond that matters most.

brent I had the rootkits showing on my earlier install. I'll soon be checking into Peppermint 10 OS as well. I'll be sure to cover my findings in a video soon enough.

Listen I'm not out to do anything but encourage, uplift and make Solus OS respected across the entire world. Look you guys have done a bang up Job. This just needs to addressed responsibly like anything else.

[deleted] Not a team member. Commented off the cuff, albeit, but I spoke for myself.

JoshStrobl That is what it showed when performing an update of my packages list if I remember correctly. I do remember it saying SHA 1 for the 1 way hash in the terminal. If I can get another machine up and running with Solus OS soon I'll be sure to show you my findings. I'm working on pulling a replacement build together.

DataDrake It's not an accusation. It's a support request for a suspected security flaw. If it's not taken seriously than how can I comfortably continue to use and recommend your distribution.

JoshStrobl I didn't realize until after the fact how old the video was which is even more concerning.

[deleted] What was done about this then. Was it reported? English Bob is active on Big Daddy Linux and I'm sure he must've mentioned it.

dbarron Your cool and I appreciate that. Yeah I'm not so sure one of my tarballs might have let something through but I already ran the tarballs through virus total and they came up clean.