XZ backdoor killswitch
There appears to be a string encoded in the binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01...
Which functions as a killswitch:
https://piaille.fr/@zeno/112185928685603910
Thus, one workaround for affected systems might be to add this to `/etc/environment`:
```
echo "yolAbejyiejuvnup=Evjtgvsh5okmkAvj" | sudo tee -a /etc/environment
```
+ restart ssh and systemd
21 comments
[ 3.2 ms ] story [ 54.7 ms ] thread[1] https://github.com/jbranchaud/blog/blob/master/_posts/2013-0...
- using a name that reveals their nationality?
- commiting at a timezone that reveals where are they located?
Please. We have no idea who's behind this. The only legitimate question is (as usual): who benefits from this? Answer: any government on earth (most likely: USA, China, Russia, etc.)
You probably don't have 100% certainty that the RCE hasn't already dropped a secondary payload.
Also, more discussion in here: https://news.ycombinator.com/item?id=39877267