PHP’s official Git server hacked: commits found that planted backdoor code

The official PHP Git server has been compromised, apparently in an attempt to insert malware into the PHP project’s code base. Nikita Popov, a developer and maintainer of the PHP programming language, revealed that two malicious commits had been pushed to the php-src repository on March 28 under his own name and that of PHP creator Rasmus Lerdorf. The commits were falsely attributed to Popov and Lerdorf and were disguised as trivial typo fixes. Despite this attempt to look harmless, contributors who scrutinized the two “Fix typo” commits noticed that they contained the string “Zerodium” (the name of a company that buys and sells exploits) together with malicious code that executed arbitrary code supplied through the HTTP User-Agent header.
As Bleeping Computer points out, the code appears to have been designed as a backdoor enabling remote code execution (RCE) attacks. The PHP development team does not yet know exactly how the attack was carried out, but according to Popov the evidence points to a compromise of the official git.php.net server itself rather than of an individual Git account.
A comment in the injected code read: “Removed this: sold to zerodium in mid-2017.” There is, however, no sign that the exploit broker was involved in the attack. Zerodium CEO Chaouki Bekrar called the perpetrator a “troll” and said: “Researchers who found this bug / exploit are trying to sell it to many organizations, but this crap, no one wanted it.” The commits were detected and reverted before they reached downstream users. The incident is still under investigation, and the team is reviewing the repository for further signs of malicious activity. The development team has also decided that it is time to move permanently to GitHub: developers who previously had write access to the project’s repositories will now need to join the PHP group on GitHub.
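The article describes a backdoor whose trigger and payload travelled in the HTTP User-Agent header and whose code carried the string “Zerodium”. The following is an added defender-side example, not code from the article or from the PHP project: a small scanner that runs over web-server access-log lines in the standard combined format and flags requests whose User-Agent contains that marker string or looks like it carries PHP source. The marker is taken from the article; the PHP-source indicators, the length threshold and the sample log lines are my own assumptions and constructed test data.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumed Apache/nginx "combined" log format:
#   ip ident user [timestamp] "request" status bytes "referer" "user-agent"
# Adapt the regex if your server writes a different format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Marker string mentioned in the article as present in the malicious commits.
MARKER = "zerodium"
# Assumption (not from the article): fragments that suggest a User-Agent
# value is carrying PHP source rather than a browser identifier.
PHP_INDICATORS = ("<?php", "eval(", "system(", "shell_exec(", "passthru(", "exec(")
# Assumption: legitimate User-Agent strings are rarely longer than this.
MAX_UA_LEN = 512


@dataclass
class Finding:
    line_no: int
    ip: str
    user_agent: str
    reasons: List[str]


def analyse_user_agent(ua: str) -> List[str]:
    """Return a list of reasons a User-Agent value looks suspicious (empty if clean)."""
    reasons = []
    low = ua.lower()
    if MARKER in low:
        reasons.append(f"contains marker '{MARKER}'")
    hits = [ind for ind in PHP_INDICATORS if ind in low]
    if hits:
        reasons.append("contains PHP code indicators: " + ", ".join(hits))
    if len(ua) > MAX_UA_LEN:
        reasons.append(f"unusually long User-Agent ({len(ua)} bytes)")
    return reasons


def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Parse combined-format lines and collect findings for suspicious User-Agents."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue  # unparsable line; in production, count and report these too
        ua = m.group("ua")
        reasons = analyse_user_agent(ua)
        if reasons:
            findings.append(Finding(n, m.group("ip"), ua, reasons))
    return findings


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [28/Mar/2021:12:00:01 +0000] "GET /index.php HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/87.0"',
    '203.0.113.11 - - [28/Mar/2021:12:00:02 +0000] "GET /index.php HTTP/1.1" '
    '200 512 "-" "zerodium eval(\'1\');"',
    '203.0.113.12 - - [28/Mar/2021:12:00:03 +0000] "GET / HTTP/1.1" '
    '200 128 "-" "<?php phpinfo(); ?>"',
    "this line is not in combined format and is skipped",
]


def scan_sample() -> List[Finding]:
    """Run the scanner over the constructed sample log."""
    return scan_log(SAMPLE_LOG)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line_no} from {f.ip}: {f.user_agent!r} -> {'; '.join(f.reasons)}")
```

Running the block prints the two flagged sample lines; the benign browser line and the unparsable line produce nothing. In a real deployment the same `analyse_user_agent` check is a reasonable candidate for a WAF or SIEM rule, and any hit on the marker string against a PHP build from the affected period should prompt a review of the deployed source against a known-good checkout.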