PHP programming language source code targeted in backdoor attack (March 2021)

Malicious commits were made to the php-src repo on Sunday that could have enabled hackers to perform remote code execution on websites running the hijacked code.
The main Git repository for the PHP programming language has been moved to GitHub after hackers tried to insert a backdoor into the source code.
Two malicious commits were pushed to the PHP Git code repo on Sunday, March 28, and signed off under the names of PHP creator, Rasmus Lerdorf, and maintainer Nikita Popov.
Popov, who works for the PHP development team at JetBrains, said the PHP code base would be moved to GitHub while investigations were still underway into how the breach occurred.
While the malicious code was spotted before any harm was done, the consequences of a successful attack are worrying when you consider that PHP underpins much of the modern internet.
Going forward, Popov said, developers who require write access to the PHP code base will need to be part of the PHP organization on GitHub, which also requires two-factor authentication to be enabled.