2 min read

PHP PEAR Site Hacked; Tainted Package Available for Months

Liviu ARSENE

January 23, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
PHP PEAR Site Hacked; Tainted Package Available for Months

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted version.

The framework developers have taken the website offline after noticing  that the original PHP PEAR package manager (go-pear.phar) was swapped in their file system. The malicious version seems to have been available for download for more than six months, meaning everyone who downloaded the package from the official webpage in that time could have been compromised.

“A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered,” reads a notice on the official website. “The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it’s back online.”

While the tool is open source and community-driven, these types of supply chain attacks are not uncommon. Security researchers even predicted that this attack method would become far more common in 2019, as threat actors leverage vulnerabilities in websites to replace legitimate binaries with tampered ones.

“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” the notice reads. “If different, you may have the infected file.”

While developers have clearly stated that only the package hosted on the official website was affected, with the Github release apparently left unharmed, they still advise everyone to compare file hashes with the latest build.

A new clear version 1.10.10 of pearweb_phars is now available on GitHub for everyone to download and install. But, until the official website becomes available, there”s little information of how attackers might have used the tainted version to compromise victims.

With no information on who might have been behind the attack, how many users might have been affected, and in what way, everyone is encouraged to take appropriate steps, starting with downloading the newest version and perhaps auditing their systems.

The PEAR teams promises to come back with more details as their investigation progresses and their official websites becomes operational again.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read