Researchers recently uncovered a backdoor in xz Utils, an open-source data compression utility widely used in Linux and other Unix-like operating systems. The malicious code was expertly crafted, with subtle changes that almost went unnoticed. The backdoor, once activated through SSH connections, granted root access to an unauthorized individual possessing a specific encryption key.
The origins of this backdoor trace back to a user named Jia Tan, whose first open-source contribution dates to 2021. Over time, Tan gained the trust of the xz Utils maintainers and submitted updates that included the backdoor implementation. The attack was sophisticated: it replaced legitimate functions with malicious ones through runtime hooking via IFUNC (GNU indirect functions), enabling unauthorized access.
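The IFUNC mechanism named above, as an added example that is not from the article or from xz: a GNU indirect function whose resolver the dynamic loader runs while applying relocations, before main(), and whose return value becomes the body of the exported function. It assumes GCC and glibc on Linux; all function names and the sample input are constructed.

```c
/* Added example (not from the article): a minimal GNU IFUNC, the
 * load-time function-selection feature the xz backdoor abused for
 * hooking. Requires GCC and glibc on Linux. Names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Incremented by the resolver so callers can observe when it ran. */
static int resolver_calls = 0;

/* Two interchangeable implementations of the same interface. */
static uint32_t sum_plain(const unsigned char *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s += p[i];
    return s;
}

static uint32_t sum_unrolled(const unsigned char *p, size_t n)
{
    uint32_t s = 0;
    size_t i = 0;
    for (; i + 2 <= n; i += 2)
        s += p[i] + p[i + 1];
    for (; i < n; i++)
        s += p[i];
    return s;
}

typedef uint32_t (*sum_fn)(const unsigned char *, size_t);

/* The resolver. ld.so calls it while processing the IRELATIVE
 * relocation for byte_sum(), i.e. before any code in main() runs, and
 * the pointer it returns becomes byte_sum() for the process lifetime.
 * A resolver in a dependency therefore executes, and can redirect a
 * symbol, without the host program ever calling into it explicitly;
 * when auditing a library, treat resolvers as load-time code. */
static sum_fn resolve_byte_sum(void)
{
    resolver_calls++;
    /* Selection criterion is arbitrary here; real resolvers use CPU features. */
    return sizeof(size_t) > 4 ? sum_unrolled : sum_plain;
}

uint32_t byte_sum(const unsigned char *p, size_t n)
    __attribute__((ifunc("resolve_byte_sum")));

int resolver_call_count(void) { return resolver_calls; }

int main(void)
{
    const unsigned char msg[] = "xz";   /* constructed input */
    printf("resolver calls before first use: %d\n", resolver_call_count());
    printf("byte_sum(\"xz\") = %u\n", byte_sum(msg, 2));
    return 0;
}
```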
Further analysis by developers revealed deep layers of obfuscation within the backdoor, making detection challenging. The attack targeted specific systems running Debian or Red Hat distributions, underscoring the level of planning that went into the scheme. Although considerable progress has been made in dissecting the inner workings of the backdoor, the true identity of Jia Tan remains shrouded in mystery, raising questions about the accountability of contributors within the open-source community.