Research into Linux performance bugs has uncovered a backdoor in recent versions of the xz Utils tool. Developer Andres Freund discovered the backdoor on a Debian system, where the SSH remote login protocol was using excessive CPU resources, which led to the Valgrind memory debugging tool crashing. While investigating the cause of the problem, he found a backdoor that a malicious actor or group had implanted in a recent update of xz, a lossless compression tool widely used on Linux.
The malicious code was designed to affect SSH functions and execute with root privileges. This indicates that the malicious actor obtained the encryption key needed to log in over SSH to the infected machine, thereby gaining remote control over the entire system. Security researchers suggest that a user known as JiaT75 or Jia Tan may be responsible for this backdoor.
The affected versions of xz Utils are 5.6.0 and 5.6.1. Red Hat, a company working with Linux, advises users not to upgrade to these versions or, if they have already done so, to revert to a previous version.
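
A version check for the two affected releases named above, as an added example that is not part of the original article. The function names and sample version strings are constructed for illustration, and the handling of "+really" assumes the Debian packaging convention in which a rollback package keeps the higher number in front of the version it actually ships.

```shell
#!/bin/sh
# Added example: flag the xz Utils releases the article names as affected.

# Reduce a package or upstream version string to the bare upstream version.
upstream_version() {
    v=$1
    v=${v#*:}                          # drop a packaging epoch such as "1:"
    case $v in
        *+really*) v=${v#*+really} ;;  # rollback package: real version follows "+really"
    esac
    v=${v%%-*}                         # drop the packaging revision ("-1", "-1.fc40")
    v=${v%%+*}                         # drop any remaining "+suffix"
    printf '%s\n' "$v"
}

# Print "affected" for 5.6.0 / 5.6.1 (the versions given in the article),
# otherwise "not-affected".
classify_xz_version() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) echo affected ;;
        *)           echo not-affected ;;
    esac
}

# Extract the version from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.4.5" -> "5.4.5".
xz_cli_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Constructed sample strings (not taken from the article).
for sample in 5.6.1 5.6.0-0.2 1:5.6.1-1.fc40 5.6.1+really5.4.5-1 5.4.6-1; do
    printf '%-24s %s\n' "$sample" "$(classify_xz_version "$sample")"
done

# Check the locally installed command-line tool, if present.
if command -v xz >/dev/null 2>&1; then
    local_v=$(xz_cli_version "$(xz --version 2>/dev/null)")
    printf 'local xz %-15s %s\n' "$local_v" "$(classify_xz_version "$local_v")"
fi
```

A plain substring match on "5.6.1" would wrongly flag the rollback-style string in the samples, which is why the version is normalised before it is compared.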