Packagist | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-helper (37 Downloads) nhattuanbl/simple-queue (29 Downloads) nhattuanbl/lara-swagger (49 Downloads) According to Socket, the package "nhattuanbl/lara-swagger" does not directly embed malicious code, lists "nhattuanbl/lara-helper" as a Composer dependency , causing it to install the RAT. The packages are still available for download from the PHP package registry. Both lara-helper and simple-queue have been found to contain a PHP file named "src/helper.php," which employs a number of tricks to complicate static analysis by making use of techniques like control flow obfuscation, encoding domain names, command names, and file paths, and randomized identifie...

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in  composer.json  with their own message but did not otherwise make any malicious changes," Packagist's Nils Adermann  said . "The package URLs were then changed to point to the forked repositories." The four user accounts are said to have had access to a total of 14 packages, including multiple Doctrine packages. The incident took place on May 1, 2023. The complete list of impacted packages is as follows - acmephp/acmephp acmephp/core acmephp/ssl doctrine/doctrine-cache-bundle doctrine/doctrine-module doctrine/doctrine-mongo-odm-module doctrine/doctrine-orm-module doctrine/instantiator growthbook/growthbook jdorn/file-system-cache jdorn/sql-formatter khanamiryan/...

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of  Packagist ," SonarSource researcher Thomas Chauchefoin  said  in a report shared with The Hacker News. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects. The disclosure comes as planting malware in open source repositories is turning into an attractive conduit for performing  software supply chain attacks . Tracked as  CVE-2022-24828  (CVSS score: 8.8), the  issue  has been described as a case of command injection and is linked to another similar Composer bug ( CVE-2021-29472 ) that came to light in April 2021, suggesting an inadequate patch. "An attacker controlling a Git or Mercurial repository...