A coordinated supply chain attack has compromised eight packages on Packagist, the primary repository for PHP dependencies, by embedding malicious code inside JavaScript configuration files rather than the expected PHP manifests. The campaign, first reported by The Hacker News on 23 May, downloaded and executed a Linux binary hosted on GitHub Releases — marking a notable shift in how threat actors bypass language-specific security controls.
Security firm Socket, which identified the campaign, found that all eight affected packages were distributed through Composer, PHP's dependency manager. However, the malicious payloads were not inserted into composer.json files, where automated scanners and maintainers typically focus their audits. Instead, attackers placed executable scripts inside package.json files — configuration files used by Node.js and JavaScript tooling that are routinely bundled alongside PHP projects for frontend build pipelines, linting, and asset compilation.
The technique exploits a structural reality in modern web development: full-stack projects frequently ship both PHP and JavaScript dependencies within the same repository. By targeting the JavaScript layer of a PHP package, the attackers effectively sidestepped security tooling calibrated to inspect Composer manifests. When a developer installed one of the compromised packages and ran standard JavaScript tooling commands, the embedded script reached out to a GitHub Releases URL and retrieved a compiled Linux binary. The exact capabilities of that binary remain undisclosed, though its presence in a dependency installation chain raises immediate concerns about credential harvesting, persistence mechanisms, or lateral movement within compromised environments.
Using GitHub Releases as a distribution point is itself significant. GitHub is a trusted platform for developers worldwide, and outbound traffic to github.com is rarely blocked by corporate firewalls or network security appliances. By hosting the payload on infrastructure that development teams already whitelist, the operators behind this campaign reduced the likelihood of detection by network monitoring tools that might flag connections to known malicious domains or newly registered URLs.
The incident underscores a growing blind spot in automated dependency scanning. Most CI/CD pipelines and security scanners are configured to validate the primary language manifest of a project — composer.json for PHP, package.json for JavaScript, requirements.txt for Python — but rarely audit auxiliary configuration files with the same rigor. In hybrid environments, this creates an exploitable gap where malicious code can reside in plain sight inside files that security tooling assumes are harmless.
Security and DevOps teams should treat this campaign as a signal to transition from single-language dependency scanning to holistic, cross-ecosystem validation. Three baseline controls warrant immediate implementation:
- Expand Static Analysis Scope: Configure automated scanners to audit all configuration and manifest files within a repository, not just the primary language's dependency file.
- Restrict Build-Time Network Access: Enforce strict outbound allow-lists during dependency resolution and CI/CD execution to prevent package managers from contacting unauthorized or unexpected domains.
- Deploy Runtime Pipeline Monitoring: Integrate behavioral detection into CI/CD workflows to flag anomalous network requests or unauthorized binary executions triggered during installation or build steps.
For enterprises in Hong Kong and across the Asia-Pacific region, where full-stack PHP and JavaScript applications remain common in financial services, e-commerce, and government-adjacent projects, this attack vector warrants immediate review of dependency management practices. The threat does not target any specific geography, but organizations that run automated build pipelines without network restrictions or cross-ecosystem manifest auditing are exposed by design.
The scale of the campaign's impact remains undisclosed. Socket has not published download counts or identified downstream projects that may have inherited the compromised packages. Whether the GitHub account used to host the malicious binary connects to previously documented threat actor groups is also unknown. What is clear is that supply chain attacks are evolving beyond single-ecosystem tactics, and security defenses need to evolve accordingly.
一場協調的供應鏈攻擊已入侵Packagist(PHP依賴套件的主要倉庫)中的八個套件,方法是將惡意程式碼嵌入JavaScript設定檔,而非預期的PHP manifest。此行動由The Hacker News於5月23日率先報道,攻擊會下載並執行托管於GitHub Releases的Linux binary,標誌著威脅行為者繞過語言特定安全控制的手法出現顯著轉變。
安全公司Socket發現了這次攻擊行動,指出所有八個受影響套件均透過PHP的依賴套件管理器Composer分發。然而,惡意程式碼並未插入composer.json檔案——即自動掃描器和管理員通常集中審計的位置。相反,攻擊者將可執行腳本放置於package.json檔案內,這些是Node.js和JavaScript工具使用的設定檔,通常與PHP項目一併打包,用於前端build pipeline、linting和asset compilation。
此手法利用了現代web開發的結構現實:full-stack項目經常在同一倉庫內同時包含PHP和JavaScript依賴套件。透過針對PHP套件的JavaScript層面,攻擊者有效繞過設定為檢查Composer manifest的安全工具。當開發人員安裝受入侵套件並執行標準JavaScript工具命令時,嵌入的腳本會連線至GitHub Releases URL並獲取編譯好的Linux binary。該binary的確切功能尚未披露,但其出現在依賴套件安裝鏈中,立即引發對credential harvesting、persistence mechanisms或lateral movement的擔憂。
使用GitHub Releases作為分發點本身已具重大意義。GitHub是全球開發人員信賴的平台,通往github.com的outbound traffic極少被企業防火牆或網絡安全設備封鎖。透過將payload托管於開發團隊已加入whitelist的基建上,此行動的營運者降低了被網絡監控工具偵測的可能性——這些工具通常會標記連線至已知惡意域名或新註冊URL的行為。
此事件突顯自動依賴套件掃描中日益嚴重的盲點。大多數CI/CD pipeline和安全掃描器均配置為驗證項目的主要語言manifest——PHP的composer.json、JavaScript的package.json、Python的requirements.txt——但極少以同等嚴謹程度審計auxiliary設定檔。在hybrid環境中,這創造了可被利用的漏洞,惡意程式碼可明目張膽地存於安全工具假定為無害的檔案內。
安全和DevOps團隊應將此行動視為訊號,由單一語言依賴套件掃描過渡至全面cross-ecosystem驗證。三項baseline控制措施值得立即實施:
- 擴展靜態分析範圍: 配置自動掃描器以審計倉庫內所有設定檔和manifest,而非僅限主要語言的依賴套件檔。
- 限制build-time網絡存取: 於依賴套件解析和CI/CD執行期間實施嚴格的outbound allow-list,防止套件管理器連線至未授權或意外域名。
- 部署runtime pipeline監控: 將behavioral detection整合至CI/CD workflow,以標記安裝或build步驟期間觸發的異常網絡請求或未經授權的binary執行。
對於香港及亞太地區的企業而言,full-stack PHP和JavaScript應用在金融服務、電子商貿及政府相關項目中仍然普遍,此攻擊向量要求立即檢視依賴套件管理慣例。此威脅並非針對特定地區,但那些在沒有網絡限制或cross-ecosystem manifest審計情況下運行自動build pipeline的機構,其設計本身已構成暴露風險。
此行動的影響規模仍未披露。Socket尚未公佈下載數字,亦未識別可能繼承受入侵套件的downstream project。用於托管惡意binary的GitHub帳戶是否與先前記錄的threat actor群體有關聯,目前亦不得而知。可以確定的是,供應鏈攻擊正在演變,超越單一生態系統戰術,安全防禦亦需要相應演進。