Open sourcerers say suspected xz-style attacks continue to target maintainers
Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.
Higher-ups at the OpenJS Foundation and Open Source Security Foundation believe the attempt to plant a backdoor into Linux's xz data compression library "may not be an isolated incident" given their recent observations.
The OpenJS Foundation Cross Project Council, a policy and governance group within the OpenJS Foundation, recently received a series of suspicious emails it believes were an attempt to mess with one of the popular, unnamed JavaScript projects it hosts.
"This approach bears strong resemblance to the manner in which 'Jia Tan' positioned themselves in the XZ/liblzma backdoor," said Robin Bender Ginn, executive director at OpenJS Foundation, and Omkhar Arasaratnam, general manager at OpenSSF. Two other popular JS projects, ones that aren't hosted by the OpenJS Foundation, received similar messages too, the open source honchos said.
Deviation from norms in any context should be viewed with raised eyebrows, but in open source, it could signal an attacker's intent to introduce malicious payloads into the project.
They pointed to existing funding projects that have already led to various improvements across open source projects, such as the security-focused Alpha-Omega project, which is supported financially by Microsoft, Amazon, and Google.
News URL: https://go.theregister.com/feed/www.theregister.com/2024/04/16/xz_style_attacks_continue/