If you installed PEAR PHP in the last 6 months, you may be infected

Dan Goodin

from Ars Technica - All content on 2019-01-23 20:10 (#47M3C)

Officials with the widely used PHP Extension and Application Repository have temporarily shut down most of their website and are urging users to inspect their systems after discovering hackers replaced the main package manager with a malicious one.

"If you have downloaded this go-pear.phar [package manager] in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes," officials wrote on the site's blog. "If different, you may have the infected file."

The officials didn't say when the hack of their Web server occurred or precisely what the malicious version of go-pear.phar did to infected systems. Initial indications, however, look serious. For starters, the advice applies to anyone who has downloaded the package manager in the past six months. That suggests the hack may have occurred in the timeframe of last July, and no one noticed either it or the tainted download until this week.

Read 6 remaining paragraphs | Comments

index?i=c_OZqEWPfOc:-To0r-zSs-Q:V_sGLiPB

index?i=c_OZqEWPfOc:-To0r-zSs-Q:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/