XZ backdoor story – Initial analysis


Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in the OpenSSH server process.

These scripts in turn extracted a malicious binary component from another test case file (good-large_compressed.lzma) that was linked with the legitimate library during the compilation process to be shipped to Linux repositories. The actual malicious activity starts when the lzma_crc64 IFUNC invokes _get_cpuid, sees the counter value 1 indicating that the function has already been accessed, and initiates one final step to redirect to the true entry point of this malware. In addition, Kaspersky Endpoint Security for Linux detects malicious code in SSHD process memory as MEM:Trojan.Linux.XZ (as part of the Critical Areas Scan task).
