XZ Utils Backdoor Found in Rust: Liblzma-Sys Affected

Researchers from Phylum have made a new discovery that sheds light on a serious security issue affecting the open-source software community.

It has been revealed that the liblzma-sys package, which is widely used by Rust developers, contained malicious test files linked to the backdoor in the XZ Utils compression tool that caused a stir across the Internet at the end of last month.

The liblzma-sys package, which has been downloaded over 21,000 times, gives Rust developers access to the implementation of liblzma, a library that is part of XZ Utils. The affected version was reported to be 0.3.2 of this package.

According to a post on GitHub dated April 9, 2024, “The current distribution (v0.3.2) on Crates.io contains test files for XZ, which include”

Backdoors can be introduced into software during development or even while it is operational (e.g., through malicious software). They can be used for purposes such as espionage or remote control of a system or device.
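
A lock-file check for the affected release reported above, as an added example that is not part of the original article or of the liblzma-sys project: it scans the text of a `Cargo.lock` for a pinned liblzma-sys 0.3.2. The function names and the sample lock file are constructed for illustration, and the line-based parsing assumes the regular layout that Cargo itself writes.

```python
import re
# Crate and version the article reports as affected; extend for other advisories.
AFFECTED = {"liblzma-sys": {"0.3.2"}}
_KV = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')

def parse_lock_packages(text):
    """Return the [[package]] tables of a Cargo.lock as a list of dicts."""
    packages, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            current = {}
            packages.append(current)
        elif line.startswith("["):
            current = None  # some other table, e.g. [metadata]
        elif current is not None:
            m = _KV.match(line)  # only simple string fields are needed
            if m:
                current[m.group(1)] = m.group(2)
    return packages

def find_affected(text, affected=AFFECTED):
    """Return sorted (name, version, source) tuples for pinned affected crates."""
    hits = []
    for pkg in parse_lock_packages(text):
        name, version = pkg.get("name"), pkg.get("version")
        if version in affected.get(name, ()):
            hits.append((name, version, pkg.get("source", "<path or git>")))
    return sorted(hits)

# Constructed sample lock file (not taken from any real project).
SAMPLE_LOCK = '''\
version = 3
[[package]]
name = "demo-app"
version = "0.1.0"
dependencies = [
 "liblzma-sys",
]

[[package]]
name = "liblzma-sys"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

if __name__ == "__main__":
    for name, version, source in find_affected(SAMPLE_LOCK):
        print(f"AFFECTED: {name} {version} ({source})")
```

To audit a real project, pass the contents of its `Cargo.lock` to `find_affected` in place of the sample string.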
