23 January 19, 13:24
Quote:
Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised.
Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file system.
Though the PEAR developers are still in the process of analyzing the malicious package, a security announcement published on January 19, 2019, confirmed that the allegedly hacked website had been serving the installation file contaminated with the malicious code to download for at least half a year.
The PHP Extension and Application Repository (PEAR) is a community-driven framework and distribution system that offers anyone to search and download free libraries written in PHP programming language.
These open-source libraries (better known as packages) allows developers to easily include additional functionalities into their projects and websites, including authentication, caching, encryption, web services, and many more.
When you download PHP software for Unix/Linux/BSD systems, PEAR download manager (go-pear.phar) comes pre-installed, whereas Windows and Mac OS X users need to install the component when required manually.
![[Image: php-pear-hacked-packages-malware.png]](https://1.bp.blogspot.com/-56yMnwfCrPc/XEgzu66f2-I/AAAAAAAAzGw/PIVukGDXCsg140XiLwj8GYAkG5Lv7p_2wCLcBGAs/s728-e100/php-pear-hacked-packages-malware.png)
Full Article
![[-]](https://www.geeks.fyi/images/collapse.png)
