4 results tagged xz
hlein/distro-backdoor-scanner https://github.com/hlein/distro-backdoor-scanner
Mon 08 Apr 2024 12:47:46 PM PDT archive.org

Tools to scan OS distributions for backdoor indicators.

The toolkit used for the xz-utils backdoor is far too sophisticated to be a first draft. Were there earlier iterations of this, that shared some things in common but were slightly simpler, injected into other projects? Can we detect the style/"fist" of the author elsewhere? More so the delivery mechanics than the contents of the extracted+injected malicious .so.

These scripts unpack the source packages for all of a distro repo's current packages, then scan them for content similar to the malware that was added to xz-utils.

Running over the unpacked source trees of ~19k Gentoo packages and ~40k Debian packages gives a manageable amount of results (~hundreds of hits), digestible by a human. So far the only confirmed malicious results are... from the backdoored xz-utils versions.

xz backdoors scanners linux
karcherm/xz-malware https://github.com/karcherm/xz-malware
Tue 02 Apr 2024 08:11:31 AM PDT archive.org

Stuff discovered while analyzing the malware hidden in xz-utils 5.6.0 and 5.6.1.

xz malware research notes backdoors tools reverseengineering
amlweems/xzbot https://github.com/amlweems/xzbot
Mon 01 Apr 2024 01:05:41 PM PDT archive.org

Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094).

backdoors research demos notes xz golang
[oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
Mon 01 Apr 2024 10:07:29 AM PDT archive.org

Archive of the xz/liblzma backdoor thread, ongoing on oss-security.

infosec backdoors archive xz