Malicious code uploaded to PHP server
Nikita Popov, one of the developers of the PHP language, reported that the PHP source code had been maliciously modified to add a backdoor enabling remote code execution, and that the modification was uploaded to the php-src repository on the 28th of March.
The incident is being investigated, but all indications are that the git.php.net server, which remains offline, was compromised. The latest stable version of PHP is not affected.
The new security measures focus on the GitHub repositories no longer being mirrors: commits are now made directly on GitHub. The malicious commits have already been removed.
References:
- 28/03/2021 news-web.php.net Changes to Git commit workflow
- 29/03/2021 bankinfosecurity.com Attacker Updates PHP Source Code to Include Backdoor
- 29/03/2021 derechodelared.com El servidor de PHP hackeado para agregar puertas traseras al código fuente de PHP