A new XZ backdoor scanner will be able to safeguard any Linux binary from threats

Binarly’s scanner could save you a lot of time

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

IT teams worried about the XZ Utils supply chain attack can breathe a bit more easily after Binarly released a free online scanner to ease worries.

Cybersecurity researchers looking into slow SSH logins on Debian Sid recently discovered a backdoor in the latest version of XZ Utils, a set of data compression tools and libraries, used by majorLinux distros.

The backdoor leveraged a vulnerability tracked as CVE-2024-3094, and was introduced to XZ version 5.6.0 by a pseudonymous attacker, and it persisted in 5.6.1. Soon after its discovery, the cybersecurity community rallied to address the issue, with CISA suggesting downgrading the tool to 5.4.6. Stable, and then hunting for, and reporting, any malicious activity.

Better results

Better results

Other security teams started byte string matching, file hash blocklisting, and different YARA rules, all of which weren’t exceptionally effective. Some even led to false positives, which only made the problem worse.

Enter Binarly, with a dedicated scanner that works for the particular library, and any file with the same backdoor.

“Such a complex and professionally designed comprehensive implantation framework is not developed for a one-shot operation. It could already be deployed elsewhere or partially reused in other operations. That’s exactly why we started focusing on more generic detection for this complex backdoor,” Binarly said in its announcement.

Compared to previous methods, this scanner returns better results, it was said, as it scans for various supply chain points beyond just the XZ Utils project.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“This detection is based on behavioral analysis and can detect any variants automatically if a similar backdoor is implanted somewhere else,” Binarly’s lead security researcher and CEO, Alex Matrosov, toldBleepingComputer. “Even after recompilation or code changes, we will detect it,” Matrosov added.

The scanner can be found at xz.fail.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Quordle today – hints and answers for Saturday, November 9 (game #1020)