Skip to main content

If you installed PEAR PHP in the last 6 months, you may be infected

posted onJanuary 23, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

Officials with the widely used PHP Extension and Application Repository have temporarily shut down most of their website and are urging users to inspect their systems after discovering hackers replaced the main package manager with a malicious one.

“If you have downloaded this go-pear.phar [package manager] in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” officials wrote on the site’s blog. "If different, you may have the infected file.”

The officials didn’t say when the hack of their Web server occurred or precisely what the malicious version of go-pear.phar did to infected systems. Initial indications, however, look serious. For starters, the advice applies to anyone who has downloaded the package manager in the past six months. That suggests the hack may have occurred in the timeframe of last July, and no one noticed either it or the tainted download until this week.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th