Recent research reveals Docker images on Docker Hub infected with the XZ Utils backdoor, with further propagation through built-on images. This incident highlights persistent security risks in the software supply chain and the importance of ongoing monitoring. #XZUtils #DockerHub
Key points
- The XZ Utils backdoor was discovered in Docker images on Docker Hub over a year after initial detection.
- The malicious images shipped a backdoored liblzma.so library, which enables remote access and arbitrary payload execution over SSH.
- The backdoor works by hijacking the RSA_public_decrypt function; the campaign behind it was a sophisticated, multi-year, state-sponsored effort.
- Many images built on top of the infected base images inherit the backdoor, spreading it further through the container ecosystem.
- Security experts emphasize the need for continuous binary-level monitoring to prevent silent propagation of malicious code.
Read More: https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html