Binarly has created and released a free
scanning tool to help defenders spot signs of the dangerous XZ backdoor
(CVE-2024-3094).
The XZ.fail
detection tool was released less than 24 hours after the discovery of a
backdoor in the open-source XZ Utils, which provides lossless data
compression on virtually all Unix-like operating systems, including
Linux. (See CISA advisory).
According to Binarly CEO Alex Matrosov, the tool includes generic detection of IFUNC implants (IFUNC is the GNU indirect-function mechanism, whose resolvers run during library loading and which the XZ backdoor abuses to get control) with close to zero false positives, showcasing the company's binary code intelligence engine in action.
"This detection is based on behavioral analysis and can detect any
invariants automatically if a similar backdoor is implanted somewhere
else," Matrosov added.
"Such a complex and professionally designed implantation framework is
not developed for a one-shot operation. It could already be deployed
elsewhere or partially reused in other operations. That's exactly why we
started focusing on more generic detection for this complex backdoor,"
he said.
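To make the IFUNC angle concrete, here is an added Python example that is not Binarly's XZ.fail code and not part of the original article. It walks an ELF64 file's .symtab and .dynsym sections and lists every symbol typed STT_GNU_IFUNC, which is the first triage step before looking at what a resolver actually does. The sample ELF it builds inline is constructed test input (symbol names such as crc64_resolve_demo are invented), and the script is only a symbol enumerator, not the behavioral analysis Matrosov describes: glibc and an unmodified liblzma 5.6 both legitimately export IFUNC resolvers, so a hit is a lead to inspect, not a verdict.

```python
"""List STT_GNU_IFUNC symbols in an ELF64 file.

Added example for IFUNC triage; not Binarly's scanner. It only enumerates
symbols whose type is GNU_IFUNC in .symtab and .dynsym. Legitimate code
(glibc, liblzma 5.6.x itself) also uses IFUNC resolvers, so a hit means
"inspect this resolver", not "backdoored".
"""
import struct
import sys
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
STT_FUNC, STT_GNU_IFUNC = 2, 10
STB_LOCAL, STB_GLOBAL = 0, 1
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
SHDR_FMT = "<IIQQQQIIQQ"         # Elf64_Shdr, 64 bytes
SYM_FMT = "<IBBHQQ"              # Elf64_Sym, 24 bytes


@dataclass
class Symbol:
    name: str
    bind: int
    type_: int
    value: int
    table: str   # ".symtab" or ".dynsym"


def _cstr(data: bytes, off: int) -> str:
    """Read a NUL-terminated string from a string table."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_elf64_symbols(data: bytes) -> list[Symbol]:
    """Return every symbol from SHT_SYMTAB/SHT_DYNSYM sections (null entry 0 skipped)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    ehdr = struct.unpack_from(EHDR_FMT, data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    shdrs = [struct.unpack_from(SHDR_FMT, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    shstr_off = shdrs[e_shstrndx][4]          # sh_offset of .shstrtab
    symbols: list[Symbol] = []
    for sh in shdrs:
        sh_name, sh_type, _flg, _addr, sh_off, sh_size, sh_link, _info, _al, sh_entsize = sh
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strtab = shdrs[sh_link]                # sh_link points at the matching string table
        if strtab[1] != SHT_STRTAB:
            raise ValueError("symbol table links to a non-string-table section")
        entsize = sh_entsize or struct.calcsize(SYM_FMT)
        table = _cstr(data, shstr_off + sh_name)
        for i in range(1, sh_size // entsize):
            st_name, st_info, _oth, _shndx, st_value, _sz = struct.unpack_from(
                SYM_FMT, data, sh_off + i * entsize)
            symbols.append(Symbol(_cstr(data, strtab[4] + st_name),
                                  st_info >> 4, st_info & 0xF, st_value, table))
    return symbols


def find_ifunc_symbols(data: bytes) -> list[Symbol]:
    """Symbols whose ELF type is STT_GNU_IFUNC (resolver runs at load time)."""
    return [s for s in parse_elf64_symbols(data) if s.type_ == STT_GNU_IFUNC]


def build_sample_elf() -> bytes:
    """Constructed ELF64 (not a real binary) with a .symtab of three symbols, one IFUNC."""
    strtab, name_off = b"\0", {}
    for n in (b"local_helper", b"lzma_code", b"crc64_resolve_demo"):   # invented names
        name_off[n] = len(strtab)
        strtab += n + b"\0"
    symtab = b"".join([
        struct.pack(SYM_FMT, 0, 0, 0, 0, 0, 0),
        struct.pack(SYM_FMT, name_off[b"local_helper"], (STB_LOCAL << 4) | STT_FUNC, 0, 1, 0x1000, 0x20),
        struct.pack(SYM_FMT, name_off[b"lzma_code"], (STB_GLOBAL << 4) | STT_FUNC, 0, 1, 0x1100, 0x80),
        struct.pack(SYM_FMT, name_off[b"crc64_resolve_demo"], (STB_GLOBAL << 4) | STT_GNU_IFUNC, 0, 1, 0x1200, 0x10),
    ])
    shstrtab = b"\0.symtab\0.strtab\0.shstrtab\0"     # names at offsets 1, 9, 17
    symtab_off = 64
    strtab_off = symtab_off + len(symtab)
    shstr_off = strtab_off + len(strtab)
    body = symtab + strtab + shstrtab
    pad = (-(64 + len(body))) % 8
    shoff = 64 + len(body) + pad
    shdrs = [
        struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        struct.pack(SHDR_FMT, 1, SHT_SYMTAB, 0, 0, symtab_off, len(symtab), 2, 2, 8, 24),
        struct.pack(SHDR_FMT, 9, SHT_STRTAB, 0, 0, strtab_off, len(strtab), 0, 0, 1, 0),
        struct.pack(SHDR_FMT, 17, SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0),
    ]
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, version 1
    ehdr = struct.pack(EHDR_FMT, e_ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, len(shdrs), 3)
    return ehdr + body + bytes(pad) + b"".join(shdrs)


def main(argv: list[str]) -> int:
    data = open(argv[1], "rb").read() if len(argv) > 1 else build_sample_elf()
    hits = find_ifunc_symbols(data)
    for s in hits:
        print(f"IFUNC  {s.table:8s} {s.name} @ {s.value:#x}")
    print(f"{len(hits)} IFUNC symbol(s); review each resolver before trusting the binary")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path of any ELF64 shared object (a stripped library still exposes exported IFUNC symbols through .dynsym); with no argument it scans the constructed sample. `readelf --syms --wide <file> | grep IFUNC` gives the same list and is a good cross-check.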
For those seeking more comprehensive detection and remediation
strategies, the Binarly Transparency Platform offers an in-depth
solution. With XZ detection capabilities deployed, the platform
facilitates easy identification of malicious activities at scale,
enabling users to take prompt and effective action to safeguard their
software supply chains.
The XZ backdoor came to light on March 29, 2024, when Andres Freund
posted to Openwall's oss-security mailing list reporting that the
upstream XZ Utils releases had been backdoored.
For more information read our research article and access the free XZ backdoor scanner at XZ.fail.