Jadi

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Recently a bad actor implemented a backdoor in one of the most widely used libraries in GNU/Linux distros: the xz compression suite. This backdoor lets the attacker execute system() calls with no authentication, which is an RCE attack.

It seems this bad actor, called "JiaT75", had been planning this for the last 2 years and succeeded after gaining trust and becoming a trusted developer of the project.

In this video I will explain the attack and the background knowledge needed to understand it.
