[kwlug-disc] Fw: Backdoor found in widely used Linux utility
Khalid Baheyeldin
kb at 2bits.com
Sun Mar 31 12:12:41 EDT 2024
Here is a very readable detailed breakdown of how obfuscated shell
scripting was used in this exploit.

Very clever, very opaque, and effective.

The committer of these files took a few years to lay the groundwork
for his exploit (2021 to 2024, most likely by gaining trust first).

One tends to think this is funded by (or will be sold to) a state
actor or organized crime ...

https://gynvael.coldwind.pl/?id=782