A supply‑chain attack on several Laravel‑Lang Composer packages injects a hidden `src/helpers.php` file that automatically runs on every request, harvests cloud, CI/CD, browser, and crypto credentials, and exfiltrates them to a remote server. Researchers explain how the breach happened, why the autoload mechanism is dangerous, and what developers can do to protect their applications.
A supply‑chain breach that turns Laravel‑Lang into a credential‑stealing platform
On May 22‑23 2026, dozens of new tags were pushed to the laravel‑lang organization on Packagist. The tags appeared only seconds apart, and each version contained a tiny file called src/helpers.php. Because the package’s composer.json registers that file under autoload.files, the code is executed automatically on every PHP request that loads the package.
Security researchers at Socket Security and Aikido Security discovered that the hidden helper contacts a remote server (flipboxstudio.info) and downloads a ~5,900‑line PHP payload. The payload runs on Windows, Linux and macOS, launches a Visual Basic script on Windows via cscript, and uses exec() on Unix‑like systems. In short, a single compromised Composer package becomes a universal credential stealer.
How the attacker got in
"The timing and pattern of the newly published tags point to a broader compromise of the Laravel‑Lang organization’s release process, rather than a single malicious package version," said Mike R., senior analyst at Socket Security.
The evidence suggests one of three possibilities:
- Organization‑level credentials (GitHub token, SSH key) were leaked or stolen.
- An attacker compromised the CI/CD pipeline that automates tag creation.
- The release infrastructure (e.g., a self‑hosted Composer repository) was accessed directly.
Because more than 700 versions were affected, the attacker likely scripted the tag creation to flood the repository before the breach was noticed.
What the backdoor does
- Host fingerprinting – Generates a per‑host marker using an MD5 of the project path, CPU architecture, and inode. This ensures the payload runs only once per machine, reducing noise.
- Metadata harvesting – Queries cloud metadata services (Google Cloud, Azure, AWS) for instance identity documents and IAM tokens.
- CI/CD token grab – Pulls secrets from GitHub Actions, GitLab Runners, CircleCI, TravisCI, Jenkins, and ArgoCD.
- Browser and password manager loot – Reads Chrome, Edge, Firefox, Brave, and Opera profiles, then bypasses Chromium’s app‑bound encryption (ABE) with an embedded Windows executable. It also extracts vault data from 1Password, Bitwarden, LastPass, KeePass, Dashlane, and NordPass.
- Crypto wallet harvest – Dumps seed phrases and wallet files for Electrum, Exodus, Ledger Live, Trezor, Wasabi, Sparrow, and popular extensions such as MetaMask, Phantom, and Trust Wallet.
- Kubernetes and Docker secrets – Scrapes
~/.kube/config,docker‑config.json, Helm registry files, and any.envorwp‑config.phpthat may contain API keys. - VPN and remote‑desktop credentials – Collects OpenVPN, WireGuard, NordVPN, ExpressVPN configs, as well as RDP
.rdpfiles and Windows Credential Manager entries. - Exfiltration – Encrypts the collected data with AES‑256 and POSTs it to
https://flipboxstudio.info/exfil. The script then self‑deletes to erase forensic traces.
Practical steps for developers and DevOps teams
| Action | Why it matters | How to implement |
|---|---|---|
| Audit Composer autoload files | autoload.files runs unconditionally, giving attackers a perfect execution hook. |
Run `composer show -i --format=json |
| Pin dependencies to signed tags | Attackers can push malicious tags that look legitimate. | Use Composer’s --prefer-dist with GPG‑signed tags, or enable composer config --global allow-plugins false to block unknown plugins. |
| Rotate organization tokens | The breach likely stemmed from a leaked GitHub token. | Revoke all personal access tokens for the Laravel‑Lang org, generate a new one with the minimal scopes (read:packages), and store it in a secret manager. |
| Enable 2FA and SSO for repository access | Reduces risk of credential theft via phishing. | Enforce required two‑factor authentication on GitHub/Bitbucket and integrate with your identity provider. |
| Implement supply‑chain scanning | Detect malicious code before it reaches production. | Integrate tools like GitHub Advanced Security, Snyk, or OSS Index into CI pipelines. Scan each new version of a dependency for unexpected files (helpers.php in this case). |
| Run Composer in a sandbox | Limits damage if a malicious package executes. | Deploy PHP applications inside containers with read‑only filesystem for /vendor, and drop the exec and shell_exec functions via disable_functions in php.ini. |
| Monitor outbound traffic | The payload contacts an external C2 server. | Set up egress filtering or a DNS sinkhole for flipboxstudio.info. Alert on any PHP process making outbound HTTP requests to unknown domains. |
| Rotate secrets regularly | Even if credentials are stolen, they become useless after rotation. | Use automated secret rotation for cloud IAM tokens, CI/CD tokens, and database passwords. |
Quick checklist for an immediate response
- Identify affected projects – Search your
composer.lockforlaravel-lang/lang,laravel-lang/http-statuses,laravel-lang/attributes, orlaravel-lang/actionswith versions released on May 22‑23. - Remove the malicious packages – Run
composer remove laravel-lang/* && composer require laravel-lang/lang:^X.Y(replaceX.Ywith a known clean version). - Clear caches – Delete the
vendordirectory, runcomposer clear-cache, and redeploy. - Audit for the helper file – Grep for
helpers.phpin your codebase:grep -R "src/helpers.php" .. - Reset compromised credentials – Assume any token that could have accessed the repo is compromised; rotate them immediately.
- Review logs – Look for outbound connections to
flipboxstudio.infoor unusualcscriptexecutions on Windows hosts.
What this means for the PHP ecosystem
The incident underscores a long‑standing risk: Composer’s autoload mechanism can execute arbitrary code on every request. While convenient, it also provides a low‑friction path for supply‑chain attackers. Community projects are now urging maintainers to audit their autoload.files usage and consider lazy‑loading alternatives.
For developers who rely heavily on third‑party packages, the lesson is clear: trust but verify. Automated scanning, strict token hygiene, and runtime hardening are essential defenses against the kind of mass‑tagging attack that compromised Laravel‑Lang.
Stay vigilant, keep your dependencies clean, and treat every new package version as a potential attack surface.
Comments
Please log in or register to join the discussion