
Cyber Horror: The XZ Utils Backdoor Case (CVE-2024-

When the "back door" is secretly installed in the backbone of the Internet

Imagine you locked your house with the strongest lock in the world... but the "locksmith" you trust the most secretly cut a small hidden hole in the back of the house without anyone knowing. This is the true story that almost destroyed the security of the Internet for good: the XZ Utils backdoor case (CVE-2024-3094).

Lasse Collin: The Exhausted Lone Maintainer

Before the incident, XZ Utils had been maintained by Lasse Collin (Larhzu) for more than 15 years (since 2009) as a lone volunteer, with no compensation. He had to carry everything himself. Amid mental health problems and accumulated stress, activity in the project declined.

This is the weakness that "someone" saw and used as a perfect infiltration channel.

Jia Tan (JiaT75): The Devil in a Saint's Guise, and a 2-Year Plot

In November 2021, a mysterious character named Jia Tan appeared. He did not hack the way hackers do in the movies; he used social engineering, calmly and ruthlessly:

• Build trust - Send good code to help with small tasks.

• Apply pressure - Use multiple sockpuppet accounts to send Lasse Collin pressure emails saying "Updates are too slow" or "If you can't do it, give it to someone else."

• Seize power - In 2022, Lasse Collin, at his weakest, accepts Jia Tan as co-maintainer. By 2023, Jia Tan controls almost all of the project and signs the backdoored release tarballs himself.

What Happened: The Technical Backdoor Mechanism

After gaining full control, Jia Tan secretly embedded the backdoor into versions 5.6.0 (February 24, 2024) and 5.6.1 (March 9, 2024). The code is so complex that it cannot be spotted with the naked eye.

Details of the techniques that make it so frightening:

• The backdoor is hidden only in the release tarball (not in the Git repository), so it slips past ordinary developer review.

• It uses 2 binary test files (bad-3-corrupt_lzma2.xz and good-large_compressed.lzma), which look like normal test files.

• The build-to-host.m4 file is modified (only available in the tarball) to run multi-layer scripts: decode → extract file → insert a shared object named liblzma_la-crc64-fast.o.

• It uses the glibc IFUNC mechanism to replace OpenSSL's RSA_public_decrypt function.

• It relies on a "third-party patch" that makes sshd load libsystemd, which in turn loads liblzma automatically.

• Result: when the attacker presents a unique Ed448 key, remote code execution (RCE) can be triggered before authentication, without the system detecting it.

Version 5.6.1 also improved how the backdoor hides its traces and added "modularity" (SentinelOne believes this was to prepare for additional backdoor implants in the future).
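An added example, not from the original post or the XZ Utils project: because the backdoor lived only in the release tarball, a packager can diff a tarball against a checkout of the matching Git tag and demand an explanation for every file that exists only in the archive. The archive name `pkg-1.0` and all file contents below are constructed placeholders.

```python
import hashlib, io, tarfile, tempfile
from pathlib import Path

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tarball_index(tar_bytes: bytes) -> dict:
    """Map path (top-level 'name-version/' directory stripped) -> sha256."""
    index = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                index[rel] = _digest(tar.extractfile(member).read())
    return index

def tree_index(root: Path) -> dict:
    """Map relative path -> sha256 for every file in a checkout of the tag."""
    files = (p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): _digest(p.read_bytes())
            for p in files if ".git" not in p.relative_to(root).parts}

def compare(tar_bytes: bytes, checkout: Path) -> dict:
    tar, tree = tarball_index(tar_bytes), tree_index(checkout)
    return {
        # Generated autotools files land here legitimately, which is exactly
        # the cover the modified build-to-host.m4 used: each entry should be
        # reproduced by regenerating it, not waved through as "expected".
        "only_in_tarball": sorted(set(tar) - set(tree)),
        "modified": sorted(p for p in set(tar) & set(tree) if tar[p] != tree[p]),
    }

def demo() -> dict:
    """Constructed sample: a tiny checkout and a tarball with one extra m4 file."""
    repo = {"src/crc64.c": b"int crc;\n", "configure.ac": b"AC_INIT\n"}
    shipped = {**repo, "m4/build-to-host.m4": b"# constructed placeholder\n"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in shipped.items():
            info = tarfile.TarInfo("pkg-1.0/" + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in repo.items():
            path = Path(tmp) / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return compare(buf.getvalue(), Path(tmp))

if __name__ == "__main__":
    print(demo())
```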

Turning point: A delay of only 0.5 seconds that changed the world.

This would have become a global tragedy if not for Andres Freund (Microsoft engineer).

While testing Debian Sid, he found:

• SSH logins slowed down by 500 milliseconds (0.5 seconds)

• Slightly higher CPU usage, plus Valgrind errors

He dug so deep that he found several layers of foreign code, and hurried to post to oss-security on March 29, 2024, just a few days before this version would have been pushed into the big production distros!

Current status of the project (2026)

• XZ Utils was fixed immediately. Every big distro (Debian, Fedora, Red Hat, SUSE) rolled version 5.6.x back to an older version.

• Lasse Collin is back in charge of the project as usual, and the GitHub repo is open again.

• Jia Tan remains a mystery. No one knows the real identity (suspected to be a government-sponsored actor, because of the 2+ years of patience and the high level of complexity).

• "Remains" of the backdoor were also found in some Debian Docker images on Docker Hub (discovered by Binarly, August 2025), but Debian left them as "historical artifacts" because they were dev builds, not production.

Conclusion: The Expensive Lessons of the Open Source World

XZ Utils is the biggest reminder that "trust" is the most dangerous weakness in this day and age. The Internet relies on overworked volunteers like Lasse Collin, which opens the door to infiltration by ill-intentioned actors like Jia Tan.

This event brought big changes to the open source community: increased governance, automated scanning, and better care for maintainers.

But the question that still haunts everyone is...

Where is Jia Tan hiding now? And what is he planning next in other projects?

Main reference sources (2026 update)

• Wikipedia: XZ Utils backdoor

• Wired: The Mystery of Jia Tan

• SentinelOne: XZ Utils Backdoor - Threat Actor Planned Further Vulnerabilities

• Binarly: Persistent risk in Docker images (2025)

• Ars Technica & The Verge

By the round ⚽️


4/2 Edited to

After reading the story of the XZ Utils backdoor, I think this is a case study that reflects a major risk of open source software that many people may overlook. As a developer and user of OSS projects, I have seen many maintainers working alone under enormous pressure, who sometimes cannot look after everything thoroughly all the time. The infiltration by a hacker through social engineering, as with Jia Tan, shows that attack techniques in today's cyber world do not rely only on hardware or secret code, but also target trust within the community and the weaknesses of the team. The fact that the backdoor was embedded in the release tarball, where developers do not see the code, and also used binary files for fake tests to deceive, makes detection even more complicated. I have myself run into problems managing software that has very few maintainers, so I understand well that this risk is not far from home. This incident therefore reminds us of the importance of strong governance, automated checks, and appropriate support for project maintainers. What is interesting is that the slowdown of only 0.5 seconds found by Andres Freund became the key turning point that stopped a major cyber tragedy. This incident teaches that even small details in how a system works can indicate a serious threat. Finally, I think the suspicion and the question of where the attacker Jia Tan is still hiding, and whether he is active in other projects, should drive the open source community and users worldwide to stay vigilant and work together to strengthen security, because all of us have a direct part in the infrastructure of the Internet.
