1. Threat Overview
Attackers poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, injecting malware that compromises Laravel apps. The attack vector exploits the trust placed in historical versions of the packages, and many Laravel applications are affected.
2. Key Intelligence Points
1. Attackers exploited Git tag poisoning to inject malware into four Laravel-Lang Composer packages.
2. The attack affects many Laravel applications, with over 700 historical versions compromised.
3. The attackers injected malware into the packages, which can persist even after the packages are updated.
4. Detection opportunities include monitoring for suspicious Git activity and analyzing package dependencies.
3. MITRE ATT&CK Techniques
T1098.002 - Exploitation of Trust in Code Signing
4. Indicators of Compromise (IOCs) / Affected Systems
Affected systems: Laravel-Lang Composer packages. Affected versions: 700+ historical versions (Git tags rewritten).
5. Mitigation & Detection
Update to the latest version of the affected Laravel-Lang Composer packages and monitor for suspicious Git activity to prevent further exploitation.
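One way to check dependencies for rewritten tags is to compare the commit recorded in `composer.lock` with the commit each tag resolves to upstream today. The script below is an added example, not code from the affected project or from this brief. The package names and SHAs are constructed placeholders, and it assumes the lock file's `version` field equals the upstream tag name.

```python
def parse_ls_remote(text):
    """Map tag name -> commit SHA from `git ls-remote --tags <url>` output."""
    tags = {}
    for line in text.strip().splitlines():
        sha, ref = line.split("\t")
        name = ref.removeprefix("refs/tags/")
        if name.endswith("^{}"):
            # Peeled entry: the commit an annotated tag points to. It wins over
            # the tag-object SHA because composer.lock records commit SHAs.
            tags[name[:-3]] = sha
        else:
            tags.setdefault(name, sha)
    return tags

def find_moved_tags(lock, remote_tags_by_package):
    """Return (package, version, reason) for tags that no longer match the lock."""
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        tags = remote_tags_by_package.get(pkg["name"])
        locked = pkg.get("source", {}).get("reference")
        if tags is None or locked is None:
            continue  # not a monitored package, or no source reference recorded
        current = tags.get(pkg["version"])
        if current is None:
            findings.append((pkg["name"], pkg["version"], "tag missing upstream"))
        elif current != locked:
            reason = f"tag moved: {locked[:8]} -> {current[:8]}"
            findings.append((pkg["name"], pkg["version"], reason))
    return findings

# Constructed sample; in practice load this with json.load(open("composer.lock")).
LOCK = {"packages": [
    {"name": "example-vendor/lang-a", "version": "1.0.0",
     "source": {"type": "git", "reference": "1" * 40}},
    {"name": "example-vendor/lang-b", "version": "2.3.0",
     "source": {"type": "git", "reference": "2" * 40}},
]}
# Constructed `git ls-remote --tags` output for each package's repository.
REMOTE = {
    "example-vendor/lang-a": parse_ls_remote(
        "8" * 40 + "\trefs/tags/1.0.0\n" + "1" * 40 + "\trefs/tags/1.0.0^{}\n"),
    "example-vendor/lang-b": parse_ls_remote(
        "9" * 40 + "\trefs/tags/2.3.0\n" + "f" * 40 + "\trefs/tags/2.3.0^{}\n"),
}

if __name__ == "__main__":
    for name, version, reason in find_moved_tags(LOCK, REMOTE):
        print(f"{name} {version}: {reason}")
```

A finding means the tag now resolves to a different commit than the one recorded when the lock file was written, so review that package before running `composer update`.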