Researchers Discover XZ Utils Backdoor in Dozens of Docker Hub Images, Increasing Supply Chain Risks


Security researchers have discovered dozens of Docker Hub images infected with the notorious XZ Utils backdoor, more than a year after the incident was first revealed.

Even more concerning, several other images have been built on top of these compromised base images, spreading the backdoor indirectly across the Docker ecosystem, according to a Binarly Research report shared with The Hacker News.

The firmware security company identified 35 Docker images containing the malicious code, underlining the persistent dangers to the software supply chain.

The XZ Utils Backdoor Incident

The XZ Utils supply chain compromise (CVE-2024-3094, CVSS score: 10.0) surfaced in late March 2024, when developer Andres Freund discovered a backdoor hidden in XZ Utils versions 5.6.0 and 5.6.1.

Analysis revealed that the malicious code allowed unauthorized remote access and could execute arbitrary payloads via SSH.

The backdoor lived in the liblzma.so library, which the OpenSSH daemon on several distributions loads indirectly through libsystemd. Using glibc's IFUNC mechanism, resolver code that runs while the dynamic loader is binding symbols, the implant replaced OpenSSL's RSA_public_decrypt as seen by sshd. When a client presented specially crafted public-key data that verified under the attacker's private key, the hooked function executed the embedded command with sshd's privileges, that is, as root, without going through authentication.

The Long-Term Infiltration Strategy

Investigators traced the malicious changes to a developer named “Jia Tan” (JiaT75), who spent nearly two years contributing to the project to gain trust before becoming a maintainer. This patient, multi-year operation reflected the hallmarks of a state-sponsored, highly sophisticated cyber-espionage campaign.

According to Binarly, such a professionally designed implantation framework was unlikely to be intended for a one-time attack.

Ongoing Impact in the Docker Ecosystem

The latest Binarly findings reveal that 12 Debian Docker images remain infected with the XZ Utils backdoor. Some second-order Docker images — built using these compromised Debian images — are also affected.

Debian maintainers stated they intentionally kept the compromised images as a “historical curiosity”, citing the extremely low likelihood of exploitation in typical container environments.

However, Binarly warned that publicly available Docker images carrying a network-reachable backdoor still pose a serious security threat, even though exploitation requires network access to an infected container that is running an SSH server.

Lessons for Supply Chain Security

The incident demonstrates how even short-lived malicious code can remain hidden in official container images for long periods, silently propagating through CI/CD pipelines and the Docker ecosystem.

Binarly emphasized the importance of continuous binary-level monitoring instead of relying solely on version tracking, to detect and stop such threats before they spread widely.