XZ Utils Backdoor Discovered in Docker Hub Images
Summary
Hide β²
Show βΌ
Docker images on Docker Hub have been found to contain the XZ Utils backdoor, designated CVE-2024-3094 with a CVSS score of 10, more than a year after the initial discovery. The backdoor, present in 35 images, has propagated through transitive dependencies, affecting other images built on top of these infected base images. The backdoor allows unauthorized remote access and execution of arbitrary payloads through SSH. The XZ Utils backdoor was first identified in March 2024, embedded in versions 5.6.0 and 5.6.1. The malicious code was introduced by a developer named "Jia Tan" (JiaT75), who had built trust over nearly two years before gaining maintainer responsibilities. The incident highlights the risks and complexities of supply chain attacks in the open-source ecosystem. Binarly, the firm that discovered the infected images, has reported the findings to Debian maintainers, who have chosen to leave the affected images available as historical artifacts. Despite the low likelihood of exploitation, the presence of these images poses a significant security risk. Docker has confirmed that the affected images were old Debian development builds, not intended for production use, and recommends using only up-to-date, maintained images in production.
Timeline
-
12.08.2025 21:17 π° 2 articles
XZ Utils Backdoor Found in 35 Docker Hub Images
Researchers have identified 35 Docker images on Docker Hub containing the XZ Utils backdoor, more than a year after the initial discovery. The backdoor, present in versions 5.6.0 and 5.6.1, allows unauthorized remote access and execution of arbitrary payloads through SSH. The infection has propagated through transitive dependencies, affecting other images built on top of these infected base images. The backdoor was designated CVE-2024-3094 and given a CVSS score of 10. It was distributed by Debian, Fedora, and OpenSUSE before being rolled back. Binarly identified 35 Debian images on Docker Hub containing the backdoor, including 12 Docker images and 23 second-order images. The impact on Docker images from Fedora, OpenSUSE, and other distributions remains unknown. Debian maintainers chose to leave the affected images available as historical artifacts despite the security risks. Docker confirmed the images were old Debian development builds, not intended for production use, and recommends using only up-to-date, maintained images in production.
Show sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
Information Snippets
-
35 Docker images on Docker Hub contain the XZ Utils backdoor.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
-
The backdoor allows unauthorized remote access and execution of arbitrary payloads through SSH.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
-
The backdoor was introduced by a developer named "Jia Tan" (JiaT75) over nearly two years.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
-
The XZ Utils backdoor was first identified in March 2024 in versions 5.6.0 and 5.6.1.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
-
The backdoor was discovered in 12 Debian Docker images and other second-order images.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
-
Debian maintainers have chosen to leave the affected images available as historical artifacts.
First reported: 12.08.2025 21:17π° 2 sources, 2 articlesShow sources
- Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks β thehackernews.com β 12.08.2025 21:17
- Whispers of XZ Utils Backdoor Live on in Old Docker Images β www.darkreading.com β 13.08.2025 23:09
Similar Happenings
TOR-based Cryptojacking Campaign Targets Misconfigured Docker APIs
A new variant of a TOR-based cryptojacking campaign targets misconfigured Docker APIs to propagate malware. The attack chain involves exploiting exposed Docker instances to deploy XMRig miners and reconnaissance tools. The malware also scans for additional ports and attempts to propagate via Telnet and Chromium remote debugging ports. The campaign may be setting up a complex botnet. The attack leverages Base64-encoded payloads and TOR domains for anonymity. It includes a dropper written in Go that parses user login information and uses Masscan for further propagation. The malware's source code includes an emoji, suggesting it may have been crafted using a large language model (LLM). The attackers mount the host root to the fresh container, allowing them to manipulate the host system and escape the container. The attackers modify the SSH configuration of the host system to elevate privileges and provide backdoor access. The attackers create a cron job that executes every minute to block access to the Docker APIβs port 2375, denying other attackers future access to the exposed instance. The threat actors deploy tools to perform mass scans for other open 2375 ports, which are used for malware propagation through the creation of new containers using the identified exposed APIs. The malware installs curl and tor, launches a Tor daemon, and waits for confirmation of the connection by accessing Amazon's checkip.amazonaws.com service over a SOCKS5 proxy. The malware appends an attacker-controlled public key to /root/.ssh/authorized_keys on the mounted host filesystem to enable persistent SSH access. The malware writes a base64-encoded cron job on the host, which executes every minute and blocks external access to port 2375 using available firewall utilities. The malware downloads a Zstandard-compressed Go binary over Tor, decompresses it, and runs it as a dropper. The Go binary parses the hostβs utmp file to identify logged-in users. The malware attempts to infect other exposed Docker APIs and removes competitor containers after gaining access. The malware includes inactive logic for exploiting Telnet (port 23) using default router credentials and for interacting with Chromeβs remote debugging interface (port 9222). The malware's behavior suggests it is an initial version of a complex botnet with capabilities for lateral movement, persistence, and potential future expansion for credential theft and browser hijacking. The campaign highlights the importance of securing Docker APIs and segmenting networks to prevent such attacks.
Malicious nx Packages Exfiltrate 2,349 GitHub, Cloud, and AI Credentials in Supply Chain Attack
A supply chain attack on the nx build system compromised multiple npm packages, leading to the exfiltration of 2,349 GitHub, cloud, and AI credentials. The attack unfolded in three distinct phases, impacting 2,180 accounts and 7,200 repositories. The attack exploited a vulnerable workflow in the nx repository to publish malicious versions of the nx package and supporting plugins. The compromised packages scanned file systems for credentials and sent them to attacker-controlled GitHub repositories. The attack impacted over 1,346 repositories and affected Linux and macOS systems. The nx maintainers identified the root cause as a vulnerable workflow added on August 21, 2025, that allowed for the injection of executable code via a pull request title. The malicious packages were published on August 26, 2025, and have since been removed from the npm registry. The attackers leveraged the GITHUB_TOKEN to trigger the publish workflow and exfiltrate the npm token. The malicious postinstall script scanned systems for text files, collected credentials, and sent them to publicly accessible GitHub repositories. The script also modified .zshrc and .bashrc files to shut down the machine immediately upon user interaction. The nx maintainers have rotated npm and GitHub tokens, audited activities, and updated publish access to require two-factor authentication. Wiz researchers identified a second attack wave impacting over 190 users/organizations and over 3,000 repositories. The second wave involved making private repositories public and creating forks to preserve data. GitGuardian's analysis revealed that 33% of compromised systems had at least one LLM client installed, and 85% were running Apple macOS. The attack took approximately four hours from start to finish. AI-powered CLI tools were used to dynamically scan for high-value secrets. The malware created public repositories on GitHub to store stolen data. The attack impacted over 1,000 developers, exfiltrating around 20,000 sensitive files. The malware modified shell startup files to crash systems upon terminal access. The attack was detected by multiple cybersecurity vendors. The malicious packages were removed from npm at 2:44 a.m. UTC on August 27, 2025. GitHub disabled all singularity-repository instances by 9 a.m. UTC on August 27, 2025. Around 90% of leaked GitHub tokens remain active as of August 28, 2025.
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
A China-nexus threat actor, UNC6384, has been targeting diplomats in Southeast Asia and other entities globally. The campaign, detected in March 2025, uses a multi-stage attack chain involving advanced social engineering, valid code signing certificates, adversary-in-the-middle (AitM) attacks, and indirect execution techniques to deploy the PlugX (SOGU) backdoor. The attacks leverage captive portal redirects and valid TLS certificates to evade detection and deceive targets into downloading malware disguised as software updates. The threat actor shares tactical and tooling overlaps with Mustang Panda, a known Chinese hacking group. The campaign highlights the sophistication of PRC-nexus threat actors and their evolving operational capabilities. The campaign targeted around two dozen victims, primarily Southeast Asian diplomats, between March and July 2025. The attack chain involves intercepting captive portal checks via compromised edge devices and uses a valid TLS certificate issued by Let's Encrypt to avoid browser security warnings. The STATICPLUGIN downloader is signed by Chengdu Nuoxin Times Technology Co. Ltd., which has signed at least 25 known malware samples since January 2023. The CANONSTAGER launcher uses unconventional techniques such as API hashing, TLS array usage, and executing code with window procedures and message queues to hide its activities.
Apple zero-day flaw in Image I/O framework exploited in targeted attacks
Apple has patched a zero-day vulnerability in the Image I/O framework (CVE-2025-43300) exploited in targeted attacks. The flaw, an out-of-bounds write issue, could lead to memory corruption or remote code execution. The vulnerability affects multiple iOS, iPadOS, and macOS versions. Apple has released updates for iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. The flaw was exploited in sophisticated attacks against specific individuals. The vulnerability impacts a wide range of devices, including iPhone XS and later, various iPad models, and Macs running macOS Sequoia, Sonoma, and Ventura. Users are advised to update their devices immediately to mitigate the risk. The flaw was discovered internally by Apple and addressed with improved bounds checking. Apple has fixed a total of seven zero-days exploited in real-world attacks since the start of the year. The attacker's identity and specific targets remain unknown, but the vulnerability was likely weaponized as part of highly targeted attacks. The attacks have been described as 'extremely sophisticated,' suggesting nation-state involvement or spyware activity. Apple has previously disclosed other zero-day vulnerabilities this year, including CVE-2025-24200 and CVE-2025-43200, which were also exploited in targeted attacks. WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. The vulnerability, in combination with the Apple zero-day flaw (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. The flaw is an insufficient authorization of linked device synchronization messages. WhatsApp has notified an unspecified number of individuals that they believe were targeted by an advanced spyware campaign in the past 90 days using CVE-2025-55177. The attacks impacted both iPhone and Android users, including civil society individuals. WhatsApp sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the WhatsApp vulnerability (CVE-2025-55177) to its Known Exploited Vulnerabilities (KEV) catalog. The WhatsApp flaw was exploited as part of a highly-targeted spyware campaign by chaining it with the Apple zero-day flaw (CVE-2025-43300). Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary mitigations by September 23, 2025, for both the vulnerabilities to counter active threats.
DripDropper Malware Campaign Exploits and Patches CVE-2023-46604 in Apache ActiveMQ
A threat actor, dubbed DripDropper, exploited a nearly 2-year-old vulnerability (CVE-2023-46604) in Apache ActiveMQ to compromise Linux servers. The attacker then patched the same vulnerability to prevent other threat actors from exploiting it. The campaign involved deploying a new malware loader, DripDropper, which communicates with an attacker-controlled Dropbox account. The attackers used various tools, including the Sliver framework and Cloudflare Tunnels, to maintain persistent access to compromised systems. The attackers modified existing sshd configurations to enable root login, granting them elevated access. The DripDropper malware is a PyInstaller ELF binary that requires a password to run, resisting analysis. The campaign highlights the importance of timely patching and robust security practices. The attackers targeted Linux servers running vulnerable versions of Apache ActiveMQ. They used the vulnerability to gain initial access, perform reconnaissance, and deploy malware. The campaign was discovered by Red Canary while monitoring cloud-based Linux environments. The attackers' tactics included patching the exploited vulnerability to prevent other threat actors from using the same flaw and to avoid detection by automated scans.