Unidentified hackers have attempted to plant malicious code in PHP, the programming language used on an estimated 79 percent of websites.
The developers who maintain PHP said the attackers had compromised the PHP server and made two commits, that is, attempted changes to the language’s source code.
The commits were pushed under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.
Popov wrote in a statement: “We don’t know how exactly this happened yet, but everything points to a git.php.net server hack rather than a single git account hack.”
While an investigation is still ongoing, the developers decided that maintaining their standalone Git infrastructure was an unnecessary security risk, and they have shut down the git.php.net server.
“PHP is moving its code repositories to GitHub, which is an open source platform for software developers,” Popov added.
This is just one example of the supply chain vulnerabilities inherent in the backbone of popular websites.
Developers who maintain the code discovered the malicious code before it reached the public via websites.
Had the malicious code spread, the attackers could have tampered with many websites.
The backdoor would have left sites open to complete hijacking, allowing visitors to execute code of their choice without authorization.
According to a study by advisory firm W3Techs, PHP was integrated into 79 percent of the websites it covered, including Facebook and Zoom.
Because the programming language is so widely used, PHP vulnerabilities tend to be disclosed through urgent calls for users to update their software.
The incident underscores why software development hubs are attractive targets for supply chain infiltration, as users trust code delivered from legitimate sources.
GitHub, which has tens of millions of users, struggled with code-tampering last year.
Hackers were able to use GitHub to spread malicious code across 26 different software projects within the platform before the investigators removed the malware.