Gentoo is a free open source Linux or Free BSD-based distribution built using the Portage package management system that makes it more flexible, easier to maintain, and portable compared to other operating systems. Gentoo repositories are available at GitHub.

Gentoo GitHub account was hacked on 28th June by unknown individuals and the repositories were replaced by malicious codes and access of the team of Gentoo GitHub was blocked completely by hackers. So if you downloaded anything on that day consider that thing malicious and dump it and they created a new web page to describe the whole incident.

According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers “replaced the portage and musl-dev trees with malicious versions of the ebuilds intended to try removing all of your files.”

Ebuild are bash scripts, a format created by the Gentoo Linux project, which automates compilation and installation procedures for software packages, helping the project with its portage software management system.

They alerted people and said

“We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised.”

In an update later on its website, the organisation said it has regained control of the Gentoo GitHub Organization, but advised users to continue to refrain from using code from its GitHub account, as they are still working with GitHub, which was recently acquired by Microsoft for US$7.5 billion, on establishing a timeline of what happened. So if you did any update from GitHub account or downloaded any repositories you are recommended to eliminate those from your device.


Please enter your comment!
Please enter your name here