Laravel Lang Packages Hijacked in Supply Chain Attack, Exposing User Credentials
May 24, 2026
A supply chain attack targeted Laravel Lang localization packages by rewriting GitHub tags to point to malicious commits across four repositories, deceiving users into installing compromised releases.
The attacker altered the git tags for four Laravel-Lang packages—laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions—around the night of May 22–23, 2026, directing users to malicious commits.
The attackers did not modify the original source code in the repositories' branches; instead they moved the existing GitHub tags so that they resolved to commits in attacker-controlled forks, which made the compromised code install under legitimate-looking release versions.
Affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and possibly laravel-lang/actions, with hundreds of versions across multiple repositories impacted.
Each poisoned commit adds a pair of changes: an entry in composer.json’s autoload block and a new src/helpers.php file, creating a persistent backdoor via autoloading.
The malware uses regular expressions to extract AWS keys, tokens, secret keys, database credentials, JWTs, SSH keys, and cryptocurrency wallet phrases from files and environment variables, encrypts them, and transmits them to the command-and-control (C2) server.
The malicious release introduced a dropper file named src/helpers.php in the package, which downloaded a second payload from the attacker’s command-and-control server flipboxstudio[.]info.
The helper file src/helpers.php contains decoy functions but hides a guarded closure that runs once per host and vendor tree; a marker file lets every later load exit immediately, so the payload executes only once per host.
Because Composer's autoload.files directive eagerly loads the listed files when the autoloader initializes, the backdoor runs on every request in a Laravel app and in every CLI or CI run that bootstraps the autoloader.
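Two defender-side checks that follow from the two mechanisms above, written here as an added example (not code from BleepingComputer, Mend.io or the Laravel-Lang project): an inventory of every package in a Composer vendor tree that uses autoload.files, flagging laravel-lang/* packages that have such an entry at all (the legitimate packages are pure localization data), and a comparison of the commit references recorded in composer.lock against a pinned allowlist of known-good tag-to-commit pairs, which is exactly what a tag rewrite silently changes. All package metadata, commit hashes, version numbers and file contents in the block are constructed for the demo.

```python
"""Defender checks for Composer autoload.files entries and rewritten tags.

Added example, not the page's or Laravel-Lang's own code. Every hash,
version and file below is constructed for the demonstration.
"""
import json
import tempfile
from pathlib import Path

AFFECTED_PREFIX = "laravel-lang/"
DROPPER_PATH = "src/helpers.php"  # file added by the poisoned commits


def scan_vendor(vendor_dir):
    """Return findings for packages that eagerly autoload PHP files."""
    findings = []
    for composer_json in sorted(Path(vendor_dir).glob("*/*/composer.json")):
        try:
            meta = json.loads(composer_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable metadata: out of scope for this check
        name = meta.get("name", composer_json.parent.name)
        files = meta.get("autoload", {}).get("files", [])
        for rel in files:
            # A localization package has no reason to autoload PHP files.
            high = name.startswith(AFFECTED_PREFIX) or rel == DROPPER_PATH
            findings.append({"package": name, "file": rel,
                             "severity": "high" if high else "info"})
    return findings


def check_lock(lock_text, pinned_refs):
    """Compare locked laravel-lang commit references against a pin list.

    pinned_refs maps "package@version" -> expected commit hash. A locked
    package without a pin is reported as 'unpinned' so it gets reviewed.
    """
    lock = json.loads(lock_text)
    report = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name = pkg.get("name", "")
        if not name.startswith(AFFECTED_PREFIX):
            continue
        key = f"{name}@{pkg.get('version')}"
        actual = pkg.get("source", {}).get("reference")
        expected = pinned_refs.get(key)
        if expected is None:
            status = "unpinned"
        elif actual == expected:
            status = "ok"
        else:
            status = "mismatch"  # tag now resolves to a different commit
        report.append({"package": key, "reference": actual, "status": status})
    return report


def build_demo_vendor():
    """Write a constructed vendor tree: one clean package, one poisoned one."""
    root = Path(tempfile.mkdtemp(prefix="vendor-demo-"))
    clean = root / "laravel-lang" / "attributes"
    clean.mkdir(parents=True)
    (clean / "composer.json").write_text(json.dumps({
        "name": "laravel-lang/attributes",
        "autoload": {"psr-4": {"LaravelLang\\Attributes\\": "src/"}},
    }))
    poisoned = root / "laravel-lang" / "lang"
    (poisoned / "src").mkdir(parents=True)
    (poisoned / "composer.json").write_text(json.dumps({
        "name": "laravel-lang/lang",
        "autoload": {"psr-4": {"LaravelLang\\Lang\\": "src/"},
                     "files": [DROPPER_PATH]},  # the added autoload entry
    }))
    (poisoned / DROPPER_PATH).write_text("<?php // constructed placeholder\n")
    return root


# Constructed composer.lock excerpt and pin list (hashes are not real).
DEMO_LOCK = json.dumps({"packages": [
    {"name": "laravel-lang/lang", "version": "1.2.3",
     "source": {"type": "git", "reference": "deadbeef" * 5}},
    {"name": "laravel-lang/attributes", "version": "4.5.6",
     "source": {"type": "git", "reference": "cafebabe" * 5}},
    {"name": "monolog/monolog", "version": "7.8.9",
     "source": {"type": "git", "reference": "0" * 40}},
]})
DEMO_PINS = {"laravel-lang/lang@1.2.3": "0123abcd" * 5}


if __name__ == "__main__":
    for f in scan_vendor(build_demo_vendor()):
        print(f"[{f['severity']}] {f['package']} autoloads {f['file']}")
    for r in check_lock(DEMO_LOCK, DEMO_PINS):
        print(f"[{r['status']}] {r['package']} -> {r['reference']}")
```

Run it against a real project by pointing scan_vendor at the vendor directory and check_lock at the contents of composer.lock with pins taken from a copy of the lock file that predates the incident; the pin list is the part a tag rewrite cannot alter.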
The stage-two payload targets a wide range of credentials and sensitive data (cloud and Kubernetes secrets, Git and CI/CD credentials, SSH keys, environment data, browser and wallet data) and exfiltrates them, XOR-encrypted, to flipboxstudio[.]info/exfil.
On Windows, the second-stage payload drops and runs a separate binary named DebugElevator to harvest browser credentials, in addition to cross-platform credential theft for Linux, macOS, and Windows.
Packagist promptly removed the malicious versions and temporarily unlisted the affected packages to prevent further installations.
Summary based on 2 sources
Sources
BleepingComputer, May 23, 2026: Laravel Lang packages hijacked to deploy credential-stealing malware
Mend.io, May 23, 2026: Laravel-Lang Composer Tag-Rewrite Supply-Chain Attack