In yet another software supply chain attack, someone hacked into the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code.
Both malicious commits were pushed to the self-hosted “php-src” repository on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at JetBrains.
“We don't know exactly how it went yet, but everything indicates a compromise of the git.php.net server (rather than the compromise of an individual git account)”, Popov said in an announcement.
The modifications, which were committed as “Fix typo” in an attempt to pass unnoticed as a typographical correction, included provisions for executing arbitrary PHP code. “This line executes the PHP code from the useragent HTTP header, if the string begins with ‘zerodium’”, said PHP developer Jake Birchall.
In addition to reverting the changes, the PHP maintainers are reportedly examining the repositories for any corruption beyond the two aforementioned commits. It is not immediately clear whether the corrupted codebase was downloaded and distributed by other parties before the changes were detected and rolled back.
Following the incident, the team behind PHP is making a number of changes, including migrating the source code repository to GitHub, with changes to be pushed directly to GitHub rather than to git.php.net in the future. Contributing to the PHP project will now require developers to be added as part of the organization on GitHub.
The development comes nearly two months after researchers demonstrated a new supply chain attack called “dependency confusion”, designed to execute unauthorized code inside a target's internal software build system.
We have contacted PHP officials regarding the incident and will update the story if we have any news.