securityaffairs.com 5/26/2026, 12:51:16 PM · external

Hackers hijack Laravel Lang packages via fake Git tags, steal data

Primary Source socket.dev

Hackers have compromised four Laravel-Lang Composer packages by rewriting over 700 Git tags, injecting malware into libraries used for localization in Laravel applications. The affected packages are not official parts of the Laravel framework but are community-driven projects. The attack appears to have targeted the organization's release process rather than a single package, allowing backdoored versions to be installed on updated or newly installed applications.

Researchers note that the attackers exploited GitHub's tagging system to link malicious tags to harmless commits while never modifying the official repository code. The malware, a cross-platform PHP information stealer, targets a range of sensitive data, including cloud credentials and application secrets. Affected teams are advised to assume compromise, check for impacted packages, rotate credentials, and secure systems until clean versions are available.
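
A rewritten tag appears in Composer lock files as the same version string pinned to a different commit. The check below is an added example, not code from the article or the Laravel-Lang project: it compares a `composer.lock` assumed to predate the tag rewrite with a current one and reports packages in the `laravel-lang/` namespace whose version is unchanged but whose source reference moved. The package names and commit hashes in the sample data are constructed placeholders.

```python
import json

# Vendor namespace from the article; the four affected package names are not given there.
VENDOR_PREFIX = "laravel-lang/"

def pinned_refs(lock_text):
    """Map package name -> (version, source commit) from composer.lock JSON text."""
    lock = json.loads(lock_text)
    refs = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if name.startswith(VENDOR_PREFIX):
                source = pkg.get("source") or {}
                refs[name] = (pkg.get("version"), source.get("reference"))
    return refs

def moved_tags(old_lock_text, new_lock_text):
    """Packages whose version is unchanged but whose pinned commit differs."""
    old, new = pinned_refs(old_lock_text), pinned_refs(new_lock_text)
    findings = []
    for name, (version, ref) in sorted(new.items()):
        if name in old and old[name][0] == version and old[name][1] != ref:
            findings.append((name, version, old[name][1], ref))
    return findings

def _pkg(name, version, ref):
    # Helper for the constructed samples below; mirrors a composer.lock package entry.
    return {"name": name, "version": version, "source": {"type": "git", "reference": ref}}

# Constructed sample data: package names and commit hashes are placeholders.
OLD_LOCK = json.dumps({"packages": [
    _pkg("laravel-lang/example-a", "1.2.0", "a" * 40),
    _pkg("laravel-lang/example-b", "2.0.0", "b" * 40),
    _pkg("other-vendor/lib", "3.0.0", "e" * 40)], "packages-dev": []})
NEW_LOCK = json.dumps({"packages": [
    _pkg("laravel-lang/example-a", "1.2.0", "c" * 40),   # same tag, new commit
    _pkg("laravel-lang/example-b", "2.1.0", "d" * 40),   # ordinary version bump
    _pkg("other-vendor/lib", "3.0.0", "f" * 40)], "packages-dev": []})  # outside the prefix

if __name__ == "__main__":
    for name, version, old_ref, new_ref in moved_tags(OLD_LOCK, NEW_LOCK):
        print(f"{name} {version}: {old_ref[:12]} -> {new_ref[:12]}")
```

A reported package is a lead to verify against the upstream repository's history, since a maintainer can also move a tag for legitimate reasons.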


Article by CyberSIXT
