Four Composer packages maintained by Laravel-Lang were poisoned after attackers rewrote Git tags to point to malicious code in a supply chain attack. The payload installed a PHP credential stealer that targeted cloud secrets, SSH keys, browser data, VPN configs, and other sensitive credentials across multiple operating systems. #LaravelLang #flipboxstudioinfo #laravel-lang/lang #laravel-lang/http-statuses #laravel-lang/attributes #laravel-lang/actions
Keypoints
- Four Laravel-Lang Composer packages were compromised with malicious Git tags.
- The affected packages were laravel-lang/lang, http-statuses, attributes, and actions.
- The attack began on May 22 and spread to all four packages by May 23.
- The malicious code fetched a PHP credential stealer from flipboxstudio[.]info.
- Victims should block the packages and rotate exposed secrets immediately.
Read More: https://www.securityweek.com/laravel-lang-packages-poisoned-for-malware-delivery/