Hackers have gained access to the core infrastructure of LineageOS, a mobile operating system based on Android, used for smartphones, tablets, and set-top boxes.
The intrusion took place last night, on Saturday, at around 8 pm (US Pacific coast), and was detected before the attackers could do any harm, the LineageOS team said in a statement published less than three hours after the incident.
The LineageOS team said the operating system's source code was unaffected, and so were any operating system builds, which had been already paused since April 30, because of an unrelated issue.
Signing keys, used to authenticate official OS distributions, were also unaffected, as these hosts were stored separately from the LineageOS main infrastructure.
LineageOS developers said the hack took place after the attacker used an unpatched vulnerability to breach its Salt installation.
Salt is an open-source framework provided by Saltstack that is usually deployed and used to manage and automate servers inside data centers, cloud server setups, or internal networks.
According to reports from Salt server owners, attacks exploiting these two bugs began sometime yesterday. In some instances, attackers planted backdoors on hacked servers. In other instances, they deployed cryptocurrency miners.
There are currently more than 6,000 Salt servers left exposed online that can be exploited via this vulnerability, if left unpatched. Patches for the Salt vulnerabilities have been released earlier this week. Salt servers should normally be deployed behind a firewall and not left exposed on the internet.
The LineageOS team has taken down all of its servers last night, to investigate the incident and patch vulnerable servers.