Malicious backdoor discovered in popular open-source Linux tool

The tool in question is XZ Utils, a popular Linux tool for compressing large files into smaller ones.


Red Hat, a software company, and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert regarding the discovery of malicious code within a widely used Linux utility.

The vulnerability, identified as CVE-2024-3094, impacts XZ Utils, a tool designed to compress large files into more manageable sizes for efficient sharing via file transfers. Red Hat has confirmed the widespread presence of this utility across nearly every Linux distribution. In response, the company swiftly issued an advisory to address the matter.

Collaborating closely with the open-source community, CISA has acknowledged reports of malicious code infiltrating versions 5.6.0 and 5.6.1 of XZ Utils. These compromised versions pose a risk of unauthorised access to affected systems.

CISA has urged developers and users to downgrade XZ Utils to a secure version, such as XZ Utils 5.4.6 Stable. Additionally, they recommend vigilant monitoring for any signs of suspicious activity, with prompt reporting of any findings to CISA.
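To act on that advice across a fleet, a defender first needs to know which hosts actually carry 5.6.0 or 5.6.1. The script below is an added example, not code from CISA, Red Hat or the XZ project: it scans "name version" package-inventory lines and reports only those whose upstream version is affected. The package names, the Debian-style `+really` revert suffix and the sample inventory are assumptions not taken from the article.

```shell
#!/bin/sh
# Added example: flag inventory lines that ship XZ Utils 5.6.0 or 5.6.1.
# Input is one "name version" pair per line, for instance from:
#   dpkg-query -W -f='${Package} ${Version}\n'
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'

# Reduce a distro version string to the upstream version it really ships.
upstream_version() {
    uv=$1
    uv=${uv#*:}                      # drop an epoch prefix such as "1:"
    case $uv in
        *+really*) uv=${uv##*+really} ;;   # "5.6.1+really5.4.5-1" is a revert to 5.4.5
    esac
    uv=${uv%%[-+~]*}                 # drop the distro revision / suffix
    printf '%s\n' "$uv"
}

# Succeeds only for the two versions named in the CISA alert.
is_affected() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read inventory lines on stdin; print the xz/liblzma packages that are affected.
scan_inventory() {
    while read -r pkg_name pkg_version; do
        case $pkg_name in
            xz|xz-*|liblzma*) ;;     # assumed package names for XZ Utils and its library
            *) continue ;;
        esac
        if is_affected "$pkg_version"; then
            printf 'AFFECTED %s %s\n' "$pkg_name" "$pkg_version"
        fi
    done
}

# Constructed sample inventory (not real host data).
SAMPLE_INVENTORY='xz-utils 5.6.1-1
liblzma5 5.6.1+really5.4.5-1
xz-libs 5.6.0-1.fc40
xz 1:5.4.6-1
openssh-server 1:9.6p1-3'

printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory
```

A plain substring match on "5.6.1" would wrongly flag the `+really` line, which is a package that has already been rolled back.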

The security team at Red Hat first uncovered the vulnerability, detecting malicious code within the latest iteration of XZ Utils, evidently crafted to facilitate unauthorised access.

Although both CISA and Red Hat have provided advisories, they have refrained from divulging further details regarding the scale of impact, the perpetrators behind the infiltration, or the primary locations of affected users.

In an urgent advisory notice, Red Hat has told certain user groups to stop using XZ Utils immediately, for both professional and personal purposes. It has also provided links to updates aimed at mitigating the vulnerability. Under specific conditions, exploiting this vulnerability could enable hackers to gain remote access and compromise entire systems.