There is a popular ziping library for Linux called XZ.
Someone (probably the maintainer) managed to embed a malware in the latest version of it that goes to SSH (Remote desktop for terminals) and disables certain security features letting someone who knows they have been disabled remote in to a server with an open SSH port.
Once in, they can do whatever they want
Latest Answers