2 min read

PHP PEAR Site Hacked; Tainted Package Available for Months

Liviu ARSENE

January 23, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
PHP PEAR Site Hacked; Tainted Package Available for Months

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted version.

The framework developers have taken the website offline after noticing  that the original PHP PEAR package manager (go-pear.phar) was swapped in their file system. The malicious version seems to have been available for download for more than six months, meaning everyone who downloaded the package from the official webpage in that time could have been compromised.

“A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered,” reads a notice on the official website. “The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it’s back online.”

While the tool is open source and community-driven, these types of supply chain attacks are not uncommon. Security researchers even predicted that this attack method would become far more common in 2019, as threat actors leverage vulnerabilities in websites to replace legitimate binaries with tampered ones.

“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” the notice reads. “If different, you may have the infected file.”

While developers have clearly stated that only the package hosted on the official website was affected, with the Github release apparently left unharmed, they still advise everyone to compare file hashes with the latest build.

A new clear version 1.10.10 of pearweb_phars is now available on GitHub for everyone to download and install. But, until the official website becomes available, there”s little information of how attackers might have used the tainted version to compromise victims.

With no information on who might have been behind the attack, how many users might have been affected, and in what way, everyone is encouraged to take appropriate steps, starting with downloading the newest version and perhaps auditing their systems.

The PEAR teams promises to come back with more details as their investigation progresses and their official websites becomes operational again.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read