That's quite funny - yes, not only is this a horrible wilful backdoor, it is also a GPL violation since the backdoor is a derived work without included source / distributed not in "the preferred form for modification".
Sadly, it looks like xz-utils is actually public domain. Only some of the scripts (like xzgrep) were GPL. So it is and remains only a joke, not an actual violation, hilarious as that would have been to enforce