The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached to add malicious code and is now being moved to GitHub as a precaution.
“Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains.
The malicious code is a backdoor into servers running the modified version. “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’,” explained PHP developer Jake Birchall.