Secret Backdoor was found in PHP’s Git Server Source Code

Home ยป News ยป Secret Backdoor was found in PHP’s Git Server Source Code
Updated
March 29 2021

blank
Author
Brandon Skies

PHP’s Git Server Compromised

In a recent supply chain hacker attack, the official PHP Git (hit.php.net) server was hacked and the attackers managed to run unauthorized updates and thus insert in its code a malicious backdoor.

PHP's Git Server Compromised
PHP’s Git Server Compromised

 

The attack has apparently taken place on the 23d of March (yesterday) and it seems that the hackers have used the name of the creator of the PHP programming language, Rasmus Lerdorf, and the name of a JetBrains developer, Nikita Popov, while conducting the attack.

According to Nikita Popov, it is most likely that the main git.php.net server was compromised rather than an individual user account.

Measures taken to deal with the attack

At the moment of writing, the PHP maintainers are working on revoking the known changes made to the PHP server and are also checking the repositories for additional changes that may have not been discovered yet. Currently, there’s no clarity on whether any codebase had been downloaded from the server and distributed to third parties before the admins have become aware of the unauthorized changes.

One of the measures taken by the maintainers is migration to GitHub of the code repository which means that, from now on, changes to the code will go directly to GitHub and not to git.php.net. Another precaution will be that, in order to contribute to the PHP project, users (developers) will now have to be verified members of the GitHub organization.

The “dependency confusion” attack model

This hacker attack takes place nearly two months after a newly discovered chain attack model (named “dependency confusion”) was demonstrated by researchers with the aim to warn developers of the potential threat that it represents. The attack model can be used to secretly launch malicious code inside the internal software build, and it relies on the fact that a given piece of software may contain within its code elements from both public and private sources. The way the attack works is the hackers upload a newer version of a private component to the public repository, which results in an automatic update of the user’s software that downloads the malicious code without requiring the user’s permission. 

blank

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

One response to “Secret Backdoor was found in PHP’s Git Server Source Code”
  1. videobuddy official Avatar
    videobuddy official

    This is incredibly concerning! It’s alarming to think that a widely used platform like PHP could have a backdoor in its source code. I hope the developers are taking immediate action to address this vulnerability and ensure the security of the project moving forward. Thanks for keeping us informed about this critical issue!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Is Your PC Secure?

Protect your PC & prevent malware with SpyHunter (Try Free For 7 Days*)

Download SpyHunter Now
(Windows)