Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthoriz

[harlan4096]

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility.

Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems.

Technical Analysis of the Exploit

• The vulnerability is tracked as CVE-2024-3094.
  
• Compromised tools include the general-purpose data compression formats xz and xz-libs.
  
• Malicious code is actively present in versions 5.6.0 and 5.6.1.
  
• Security teams recommend reverting to the safe 5.4.x releases.
  
• Affected distributions currently include Fedora Rawhide, Fedora 40 Beta, Debian unstable (Sid), and openSUSE.
  
• The primary threat involves unauthorized remote system access via an SSH bypass.
  

The xz utility is a fundamental data compression format utilized across nearly every community and commercial Linux distribution to manage large file transfers.

The malicious injection specifically targets versions 5.6.0 and 5.6.1 of the libraries. Threat actors heavily obfuscated the payload, ensuring the complete exploit is only assembled within the official download package.

Continue Reading...