This came up on my Youtube feed late last night.
This was definitely targeted towards Windows users thinking of switching to Linux. It was a torrent file that downloaded a Windows executable.
What surprised me more is that nobody from Canonical or the xubuntu team even noticed that the site had bee compromised for a few days. When Linux Mint got hacked about ten years ago. Clem spotted it within few hours.
If any one is thinking of switching to Linux.
Follow the installation instructions.
But generally you:
Download the iso or image file.
Check the sha checksum against the file on the site.
The use a Privacy Guard application to check that the binary is legitimate. You can find the GNU versions from here (https://www.gnupg.org/index.html), if you are a Windows user. If you are already on Linux, this is usually already installed, or in the distributions repository.