Hackers have tried to plant a PHP backlog |
Unknown hackers have attempted to implant malicious code in PHP (an estimated 79% of websites use this programming language).
The developers who run PHP claim that the attacker may compromise the PHP server, make two promises, or try to change the language's source code.
These promises were made under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.
Popov wrote in a statement, "We don't yet know how this happened, but everything points to git.php.net hackers, not the individual Git account hackers."
While an investigation is still ongoing, the developers believe that maintaining an independent Git infrastructure is an unnecessary security risk and have shut down the git.php.net server.
"PHP has moved its code repository to GitHub, which is an open source platform for software developers," Popov added.
This is just one example of a weak supply chain that resides at the backbone of a popular website.
The developers who oversee the code discovered the malicious code before it was published on the site.
When the malicious code spreads, attackers can damage many websites.
Back doors can hijack the entire website and allow visitors to execute any code they want without permission.
PHP was integrated into 79% of W3Tech's websites surveyed, including Facebook and Zoom.
Due to the wide use of programming languages, PHP vulnerabilities are often exposed when users make urgent calls to update their software.
The event highlighted why software development hubs have become an attractive target for supply chain penetration as users rely on code sourced from legitimate sources.
GitHub, with tens of millions of users, struggled with tampering with code last year.
Before the investigators removed the malware, hackers were able to use GitHub to distribute malicious code to 26 different software projects on the platform.