Part 5/13:
Years of maintenance had fallen on Collin, who worked tirelessly and unpaid, battling burnout and health challenges. Meanwhile, a malicious actor, posing as a capable contributor named Jia Tan, began secretly infiltrating the project. Jia's goal was to embed a backdoor into XZ that could serve as a gateway into the larger Linux and Unix-based ecosystem.
Jia's approach was meticulous:
Initial infiltration: Using social engineering, Jia gained trust by contributing helpful patches, gradually securing a foothold.
Injection of malicious code: Within the binary test blobs used for quality assurance, Jia inserted a hidden payload—a Trojan horse that would execute during build processes.