Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Summary
Cybersecurity researchers have identified malicious PHP packages on Packagist, a package repository for the PHP language, that are disguised as legitimate Laravel utilities. These packages, when installed, deploy a cross-platform Remote Access Trojan (RAT) capable of infecting Windows, macOS, and Linux systems.
IFF Assessment
FOE
The discovery of malicious packages distributing RATs represents a direct threat to software supply chains and end-user systems, making it bad news for defenders.
Defender Context
This incident highlights the ongoing threat of supply chain attacks through package repositories. Defenders should be vigilant about the third-party code they incorporate, implementing strict vetting processes and monitoring for suspicious package activity.