PHP PEAR Site Hacked; Tainted Package Available for Months

Liviu ARSENE

January 23, 2019

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted version.

The framework developers took the website offline after noticing that the original PHP PEAR package manager (go-pear.phar) had been replaced in their file system. The malicious version seems to have been available for download for more than six months, meaning everyone who downloaded the package from the official webpage in that time could have been compromised.

“A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered,” reads a notice on the official website. “The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it’s back online.”

While the tool is open source and community-driven, these types of supply chain attacks are not uncommon. Security researchers even predicted that this attack method would become far more common in 2019, as threat actors leverage vulnerabilities in websites to replace legitimate binaries with tampered ones.

“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” the notice reads. “If different, you may have the infected file.”

While the developers have clearly stated that only the package hosted on the official website was affected, with the GitHub release apparently left unharmed, they still advise everyone to compare file hashes with the latest build.
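The hash comparison the notice asks for is the whole remediation step, so here is an added example of how to carry it out; this is not code from the article or from the PEAR project. It streams a downloaded go-pear.phar through SHA-256 and compares the digest against a reference value, which has to be taken from the matching pearweb_phars release on GitHub (the article gives no hash, so the constant below is an obvious placeholder). The file contents used by the self-check are constructed stand-ins, not the real archive.

```python
"""Verify a downloaded go-pear.phar against a reference SHA-256 digest."""
import hashlib
import hmac
import os
import sys
import tempfile

# PLACEHOLDER: the real digest comes from the pearweb_phars release on GitHub
# for the same version you downloaded. This string is not a genuine hash.
EXPECTED_SHA256 = "REPLACE_WITH_SHA256_FROM_GITHUB_RELEASE"

# Public test vector: sha256 of the bytes "hello\n" (as produced by `echo hello`).
KNOWN_VECTOR = (
    b"hello\n",
    "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03",
)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large .phar never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path, expected_hex):
    """Return (matches, actual_hex); the comparison ignores case and is constant-time."""
    actual = sha256_file(path)
    matches = hmac.compare_digest(actual.lower(), expected_hex.strip().lower())
    return matches, actual


def compare_downloads(local_path, reference_path):
    """Compare the web-site download with a copy fetched from GitHub, as the notice advises."""
    return sha256_file(local_path) == sha256_file(reference_path)


def demo():
    """Self-check on constructed files: a known vector, a 'good' copy and a differing copy."""
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, data):
            p = os.path.join(tmp, name)
            with open(p, "wb") as fh:
                fh.write(data)
            return p

        vector = write("vector.bin", KNOWN_VECTOR[0])
        # Constructed stand-ins; the real go-pear.phar is a PHP archive, not this text.
        good = write("go-pear.phar", b"<?php // constructed stand-in for the real archive\n")
        bad = write("go-pear-tainted.phar", b"<?php // constructed stand-in; one byte differs!\n")
        reference = sha256_file(good)
        return {
            "known_vector_ok": verify_artifact(vector, KNOWN_VECTOR[1])[0],
            "good_matches": verify_artifact(good, reference)[0],
            "bad_matches": verify_artifact(bad, reference)[0],
            "downloads_identical": compare_downloads(good, bad),
        }


def main(argv):
    if len(argv) == 3:
        ok, actual = verify_artifact(argv[1], argv[2])
        print(f"{argv[1]}: {actual} -> {'OK' if ok else 'MISMATCH'}")
        return 0 if ok else 1
    if len(argv) == 2:
        ok, actual = verify_artifact(argv[1], EXPECTED_SHA256)
        print(f"{argv[1]}: {actual} -> {'OK' if ok else 'MISMATCH (or placeholder hash)'}")
        return 0 if ok else 1
    for name, value in demo().items():
        print(f"{name}: {value}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_phar.py go-pear.phar <sha256 from the GitHub release>`; a non-zero exit code on mismatch makes it easy to drop into a build script. Verifying against a digest published in a second location (the GitHub release) rather than one served by the same compromised web server is the point: a hash hosted next to the tainted file could have been replaced along with it.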

A new clean version 1.10.10 of pearweb_phars is now available on GitHub for everyone to download and install. But until the official website becomes available, there's little information on how attackers might have used the tainted version to compromise victims.

With no information on who might have been behind the attack, how many users might have been affected, and in what way, everyone is encouraged to take appropriate steps, starting with downloading the newest version and perhaps auditing their systems.

The PEAR team promises to come back with more details as its investigation progresses and its official website becomes operational again.
