Officials of the widely used PHP Extension and Application Repository (PEAR) have taken most of their website offline. They are urging users to check their systems after finding that hackers had tampered with the main package manager.
"If you have downloaded this go-pear.phar [package manager] in the past six months, you need to get a new copy of the same version from GitHub (pear/pearweb_phars) and compare file hashes," the author wrote on the site blog. "If they are different, you have a virus-infected file."
The post does not say exactly what happened in the hack of the web server, or exactly what the malicious version of go-pear.phar does to affected computers. The early indications are serious. The advice applies to anyone who has downloaded the package manager within the past six months. That suggests the hack may have taken place as far back as last July, and that neither it nor the altered download was noticed until this week.
What's more, results from VirusTotal, the malware scanning service owned by Google, indicate that the malicious PEAR download installs a backdoor, in the form of a web shell, on affected servers. If true, that would definitely give the hackers full control of those servers: installing apps, executing malicious code, and downloading sensitive data.
PEAR officials did not respond to questions about how their web server was breached or about the malicious download. On Twitter, they said they have updated the pearweb_phars software, including the download of small file types, and the GPG signature files for each phar file. This allows anyone to check the authenticity of PEAR components more easily.
Shape the source
The PEAR advisory discloses what is known as a supply-chain attack. These attacks are especially effective because compromising a single source of software can seed backdoored downloads to many users. One recent example infected 2.27 million computers that installed a software update for the CCleaner disk utility program in 2017. The hackers planted the backdoored update after breaking into the CCleaner build system. The backdoor went undetected for 31 days.
The NotPetya ransomware outbreak in July 2017 began after attackers compromised M.E.Doc, the developer of a tax accounting application widely used in Ukraine. The attackers then used the company's update mechanism to spread the ransomware. Also in 2017, a supply-chain attack hit NetSarang, a software company that sells server and network management products to hundreds of banks. In October last year, two more supply-chain attacks came to light: one against VestaCP, a control panel, and one against the official repository of the widely used Python programming language.
Comparing the hash digest of a downloaded file to the one published by the distributor is one way to reduce the risk of falling victim to supply-chain attacks. This is not a foolproof protection: hackers who are able to change the installation files may also be able to change the published hashes. However, it has been effective in a number of cases, particularly when the hashes are published on a large number of mirrors.
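The hash comparison described above, as an added example that is not part of the original article or PEAR's own tooling. The function names, source labels and sample bytes are constructed for illustration; it refuses to give a verdict when the published hashes themselves disagree, the weakness the paragraph points out.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large archives are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(suspect_path, reference_digests):
    """Return 'match', 'mismatch' or 'references-disagree'.

    reference_digests maps a source label to the hex SHA-256 it publishes.
    """
    if not reference_digests:
        raise ValueError("need at least one reference digest")
    normalized = {d.strip().lower() for d in reference_digests.values()}
    if len(normalized) > 1:
        # Sources disagree: a published hash may itself have been altered,
        # so no verdict about the file can be trusted yet.
        return "references-disagree"
    actual = sha256_file(suspect_path)
    return "match" if hmac.compare_digest(actual, normalized.pop()) else "mismatch"


def demo():
    # Constructed stand-ins for a clean and a tampered go-pear.phar.
    clean = b"<?php /* constructed clean installer */ __HALT_COMPILER();"
    tampered = clean + b" /* constructed extra payload */"
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "clean.phar"), Path(tmp, "tampered.phar")
        good.write_bytes(clean)
        bad.write_bytes(tampered)
        trusted = hashlib.sha256(clean).hexdigest()
        # Hypothetical source labels; the digests are computed above.
        refs = {"github-copy": trusted, "mirror-a": trusted.upper()}
        return (
            check_download(good, refs),
            check_download(bad, refs),
            check_download(good, {**refs, "mirror-b": "0" * 64}),
        )
```

Calling `demo()` returns the verdicts for the clean file, the tampered file, and the clean file checked against sources that disagree.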
Anyone who installed PEAR from installation files downloaded from pear.php.net must check their systems thoroughly for infection and keep track of further information from PEAR officials.