VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Laravel‑Lang packages compromised — credential theft

Скомпрометированы пакеты Laravel‑Lang — кража учётных данных

Colleagues, please note: Laravel‑Lang packages have been compromised and now deliver a cross‑platform stealer.

Brief:
- Socket and Aikido: mass republishing (>700 tags), release infrastructure compromised.
- Malware in src/helpers.php (composer autoload.files) fingerprints host and fetches payload from flipboxstudio.info.
- Executes on Windows (VBScript), Linux and macOS; harvests cloud tokens, CI/CD secrets, wallets, browsers, SSH and config files; encrypts with AES‑256 and exfiltrates to /exfil.

Why it matters: dependency compromises lead to environment breaches.

Recommendation: inspect composer.json, scan laravel‑lang, block/monitor flipboxstudio.info and rotate secrets.

How do you verify external dependencies?

#cybersecurity #supplychain #PHP #DevSecOps

Latest comments

No comments yet.