
    The use of the word “backdoor” is odd.

    From what I gather, this is a rootkit. Upstream systemd doesn’t have this code.


      “Backdoor” is a common term within the AV industry to refer to (unwanted) software that receives command and control from another system. A “rootkit” is software that hides itself from various listings, such as by manipulating kernel structures or inline hooking userland APIs. So, in antivirus lingo, this article describes a backdoor and not a rootkit.

      The malware masquerades as systemd by using that term in its filenames. I don’t see any indication that it is distributed with systemd (what you’d call a supply chain compromise).
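As an added example (not from the article or either commenter), one defensive check that follows from the filename-masquerading point above: list processes that carry the systemd name but whose executable lives outside the directories where genuine systemd binaries are installed. The directory list is an assumption for typical Linux distributions, and the sample process table is constructed.

```python
import os
from dataclasses import dataclass

# Directories where genuine systemd binaries live on common distributions.
# Assumption: adjust this list for the distribution being checked.
LEGIT_SYSTEMD_DIRS = ("/usr/lib/systemd/", "/lib/systemd/",
                      "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")


@dataclass
class Proc:
    pid: int
    comm: str   # process name as reported in /proc/<pid>/comm
    exe: str    # resolved target of /proc/<pid>/exe


def is_suspicious(p: Proc) -> bool:
    """True when a process borrows the systemd name but runs from an unexpected path."""
    if "systemd" not in p.comm:
        return False
    # Normalise so "/usr/lib/systemd/../../../tmp/x" is judged by its real location.
    exe = os.path.normpath(p.exe)
    return not any(exe.startswith(d) for d in LEGIT_SYSTEMD_DIRS)


def find_masqueraders(procs):
    return [p for p in procs if is_suspicious(p)]


def scan_live_system():
    """Walk /proc on a Linux host; reading /proc/<pid>/exe needs sufficient privilege."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # process exited or not readable
        procs.append(Proc(int(pid), comm, exe))
    return find_masqueraders(procs)


# Constructed sample process table, not data taken from the article.
SAMPLE = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd"),
    Proc(812, "systemd-journal", "/usr/lib/systemd/systemd-journald"),
    Proc(4321, "systemd-daemon", "/tmp/.x/systemd-daemon"),
    Proc(5000, "bash", "/usr/bin/bash"),
]

if __name__ == "__main__":
    for p in find_masqueraders(SAMPLE):
        print(f"pid {p.pid}: {p.comm} runs from {p.exe}")
```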