Threat Intelligence, Supply chain, DevOps

XZ Utils backdoor remains pervasive in Docker Hub images

The Docker website is displayed on a computer.

BleepingComputer reports that at least 35 Docker Hub-hosted Linux images were found by Binarly researchers to remain infected with the XZ Utils backdoor, signifying a potentially serious supply chain threat.

"...[W]hat we discovered is that some of these compromised images are still publicly available on Docker Hub. And even more troubling, other images have been built on top of these infected base images, making them transitively infected," said Binarly researchers, who noted that Debian, which is among the maintainers of the backdoored images, refused to take down the compromised images after being notified. Debian noted that the images had not been removed due to the unlikely requirements for their exploitation, including sshd installation and execution on the container, as well as attacker SSH service network access and private key usage. Such downplaying of the images' risks has been condemned by Binarly, which emphasized their threat in automated builds or accidental pulls.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds