
A software supply chain meltdown: What we know about the XZ Trojan

ID: 0d919810-d8d4-5d51-8451-68cd0f6b42b5

STIX ID: report--0d919810-d8d4-5d51-8451-68cd0f6b42b5

Feed Name: ReversingLabs Blog

Threat Score: 85/100

Date Published: 2024-04-01

Date Updated: 2026-04-29

Author: Paul Roberts


A malicious, long-running supply-chain campaign injected a backdoor into xz/liblzma release tarballs (versions 5.6.0 and 5.6.1). The backdoor unpacks obfuscated payloads during build, abuses glibc IFUNC for runtime hooking to alter OpenSSH authentication (potentially bypassing RSA auth), and targets AMD64 glibc systems on .deb/.rpm distributions; organizations are advised to revert to a known-good xz (e.g., 5.4.x), hunt for compromise, and follow CISA guidance.
