0daysto.live

This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

@briankrebs Can't wait to watch the movie

A list of strings found in the backdoor code:

https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01

@briankrebs whoa.

There's a kill switch, and it looks like it was aiming to take screenshots, and possibly interact with other user accounts (pam?) on the system.

crafty!

@Viss do you think the second-to-last line is the kill switch (the long, seemingly random string)?

@ranvel that's the current theory

@briankrebs

The intel community in the US is going to have fun taking this apart come Monday. The boys at Meade are probably already trying to track this guy down.

Personally, I suspect a nation state, but good luck figuring out which one.

@wiredog Everything here goes back to China.

@briankrebs I'm interested in who expected a payoff commensurate with the effort that apparently went into creating this xz backdoor.

@Corb_The_Lesser We got the X and the Z part, what we don't know is Y.

Two names that are mentioned as entities that sped this backdoor along -- Hans Jensen and Jia Tan -- both worked on a fork of lz4, a compression algorithm. I'm guessing anything either of these guys touched is getting the fine-toothed comb treatment now, but this one stood out for me b/c of the overlap.

https://github.com/JiaT75?tab=repositories

https://github.com/hansjans162?tab=repositories

@briankrebs There's also Jigar Kumar and Dennis Ens in the mailing list pressuring Lasse to get another maintainer. There's also krygorin4545 and misoeater91 on the Debian bug report for the 5.6.1 version.

@briankrebs Is it true that a Dev found the ?🤔

@briankrebs they are likely the same person, along with other sock puppet accounts pressuring the author to give commit rights. At least 4