Infected PHP PEAR reverse shell



  • If you installed PEAR PHP in the last 6 months, you may be infected
    https://www.zdnet.com/article/mystery-still-surrounds-hack-of-php-pear-website/
    It seems that if you installed from the default repos, you're safe, but if you used the site version, you're not.
    PEAR developers promised a more detailed incident post-mortem when this operation concludes.

    In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10, a new PEAR release, which is identical with the previous release v1.10.9, but which the PHP PEAR team uploaded on GitHub to give it a new timestamp and signal that it's a clean version that webmasters can install without fear of downloading a potentially backdoored release.

    UPDATE, January 23: In a series of tweets following the publication of this article, the PEAR team has published more details about its recent security breach. The tweets are embedded below:

    In addition, the team at DCSO has also analyzed the malicious backdoor, and confirmed the findings of the PEAR team that it drops a reverse shell on infected hosts, allowing attackers to connect to web servers running a tainted PEAR package.

    https://www.virustotal.com/#/file/f74c4406c53e5b0187b8b1cfeb5b74f88ac9294acca29bdba8bd11371b2245e8/detection

    Guys, I need to be able to download this infected PHP PEAR. How do I do so? I need to test security scanners for Linux.

