PHP Pear hacked and unavailable
According to the official twitter channel of the popular source code repository for PHP, a hacking was detected and the service was temporarily suspended. Pear has been spreading malicious code for at least half a year.
PHP Pear attack - this attack on the so-called supply chain. This type of attack infects the repository of the distribution software, which is trusted by users and further along the chain the malicious code is distributed among the users of the service. Given the popularity of Pear and the amount of time elapsed since the infection, it can be assumed that the malicious code has got to a very large number of service users.
For all who have used go pear.phar for the last half year, it is recommended to check the checksums of the packets with those on github. If the checksums are different - this means that the package is infected. Some of the Trojans detected are: Backdoor.PHP.AZI, Backdoor.PHP.Webshell, HEUR: Trojan.Script.Generic. They allow you to completely take control of the infected service.
PHP Pear attack - this attack on the so-called supply chain. This type of attack infects the repository of the distribution software, which is trusted by users and further along the chain the malicious code is distributed among the users of the service. Given the popularity of Pear and the amount of time elapsed since the infection, it can be assumed that the malicious code has got to a very large number of service users.
For all who have used go pear.phar for the last half year, it is recommended to check the checksums of the packets with those on github. If the checksums are different - this means that the package is infected. Some of the Trojans detected are: Backdoor.PHP.AZI, Backdoor.PHP.Webshell, HEUR: Trojan.Script.Generic. They allow you to completely take control of the infected service.
Source: https://habr.com/ru/post/438800/