PHP web language narrowly avoids “backdoor” supply chain attack

Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend.
In theory, anyone who downloaded the very latest "still in development" version of PHP on Sunday 2021-03-28, compiled it, and installed it on a real-life, internet-facing web server could have been at risk.
PHP development is managed using the well-known Git source code control system, on a server operated by the PHP team itself.
The good news, as we mentioned above, is that this backdoor didn't make it into any official PHP releases, so it's highly unlikely that this Trojan Horse code made it into any real-world servers.
If the above backdoor code has somehow made it into your PHP tree, you would see something like this instead:
/home/user/php-source$ grep -R zend_eval ext/zlib/*
ext/zlib/zlib.
In the unlikely event that your code includes the backdoor, you need to refresh your PHP source from the new repository and look for any other unexplained modifications in your code, or unexpected commands in your logs.