Someone just tried to add a security backdoor in the PHP language


Two malicious changes were made to the development branch of the upcoming PHP v8.1 in an attempt to add a backdoor to any website that runs this tainted version of the popular web development language.

While the objectionable code was caught and removed within a few hours, given the fact that PHP powers almost 80% of all websites on the Internet, the PHP developers have made some key infrastructural changes while they investigate the incident.

“While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” shared PHP maintainer Nikita Popov.


Ramping up security

The threat actors made the two code changes in the name of Popov and PHP co-author Rasmus Lerdorf. 

Both changes were innocently captioned to suggest that they fixed typos in the code. Since all changes go through a mandatory post-commit code review, the true intent of the malicious changes was soon uncovered.

The threat actors must have assumed that using the name of senior PHP developers wouldn’t subject the changes to a detailed examination, especially for something as trivial as a typo fix. Their scheme fell apart though when a PHP developer pinged Lerdorf to explain the intention of the code that was committed in his name. 

Popov added that while the developers aren’t sure what exactly allowed the threat actors to make the modifications, prima facie evidence points to a compromise of PHP’s git server, rather than a compromise of an individual git account. 

This is why, even while the developers are investigating the attack, they’ve moved PHP development to GitHub, which puts a great onus on security.

Popov rounds up by sharing that the developers are reviewing the repositories for any corruption beyond the two changes that have been caught.

Via: BleepingComputer

Mayank Sharma

