Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Researchers have identified a supply chain attack targeting the Laravel-Lang project that compromised four PHP packages: laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. The attacker published malicious tags to Packagist, the PHP package repository; the tagged releases inject a credential-stealing framework. The malware is designed to exfiltrate environment variables, database credentials, and API keys from infected systems. The attack is particularly dangerous for Laravel developers who rely on these packages for localization, and the malicious code is cross-platform, affecting both Linux and Windows environments. Developers are advised to audit their composer.lock files and verify package integrity. The incident underscores the ongoing risk of supply chain attacks in open-source ecosystems.
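As an added example (not from the original article or the Laravel-Lang project), the following script audits a composer.lock for the four packages named above and reports the pinned version, source commit reference and dist URL of each so they can be compared against the upstream repository's legitimate tags. The page does not list the malicious tags, so the known-bad version set is a placeholder, and the embedded lock file is constructed.

```python
"""Audit a composer.lock for the Laravel-Lang packages named in the advisory."""
import json

# The four packages the advisory names as compromised.
AFFECTED_PACKAGES = {
    "laravel-lang/lang", "laravel-lang/http-statuses",
    "laravel-lang/attributes", "laravel-lang/actions",
}

# Malicious tags are not listed on the page; fill this from the advisory
# you are acting on. The value below is a placeholder, not a real tag.
KNOWN_BAD_VERSIONS = {"laravel-lang/lang": {"0.0.0-PLACEHOLDER"}}


def audit_lock(lock_json: str) -> list:
    """Return one finding per affected package, with the pinned version, source
    commit reference and dist URL for comparison against upstream tags."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg.get("name", "")
            if name not in AFFECTED_PACKAGES:
                continue
            version = pkg.get("version", "")
            findings.append({
                "name": name,
                "section": section,
                "version": version,
                "source_ref": pkg.get("source", {}).get("reference"),
                "dist_url": pkg.get("dist", {}).get("url"),
                "known_bad": version in KNOWN_BAD_VERSIONS.get(name, set()),
            })
    return findings


# Constructed sample lock file; the versions, reference and URL are made up.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel-lang/lang", "version": "0.0.0-PLACEHOLDER",
         "source": {"type": "git", "reference": "0123abcd"},
         "dist": {"type": "zip", "url": "https://example.invalid/lang.zip"}},
        {"name": "laravel/framework", "version": "11.0.0"},
    ],
    "packages-dev": [{"name": "laravel-lang/attributes", "version": "2.0.0"}],
})

for finding in audit_lock(SAMPLE_LOCK):
    status = "KNOWN BAD" if finding["known_bad"] else "REVIEW"
    print(f"{status}: {finding['name']} {finding['version']} ({finding['section']})")
```

Run it against a real project by replacing SAMPLE_LOCK with the contents of that project's composer.lock; every listed package still needs a manual check of its tag and commit reference against the upstream repository.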
Compromised packages can silently steal credentials from thousands of Laravel applications.