Aikido Security — Laravel-Lang supply chain delivers cross-platform credential stealer

AI relevance: Supply-chain compromises of developer tooling directly threaten AI agent pipelines, CI/CD runners, and MCP server deployments that inherit poisoned environment credentials from infected workstations.

  • Attackers published 233 malicious version tags across three widely used Laravel-Lang repositories (laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses) on May 22–23, 2026.
  • The malicious code was never committed to the official repos — attackers exploited GitHub's ability to create version tags pointing to commits in a fork they controlled, bypassing branch protection and code review.
  • Stage 1: A dropper in src/helpers.php self-executes on install, fingerprints the host, then fetches a ~5,900-line PHP credential stealer from flipboxstudio[.]info/payload using requests that have SSL certificate verification disabled.
  • Stage 2: The stealer contains fifteen collector modules targeting AWS keys, GCP credentials, SSH keys, browser password stores, crypto wallets, and cloud API tokens from both environment files and live instance metadata endpoints.
  • Collected data is AES-256 encrypted and exfiltrated to flipboxstudio[.]info/exfil, then the payload deletes itself to limit forensic evidence.
  • Packagist took down the malicious versions and temporarily unlisted the affected packages; Aikido Security filed the initial report with maintainers.

Why it matters

Developer workstations and CI/CD runners are the credential roots for AI agent infrastructure — poisoned packages that steal AWS keys, SSH keys, and API tokens can silently compromise model-serving pipelines, MCP server configurations, and RAG backends. The fork-tag technique sidesteps traditional code review, making it harder for automated scanners to catch.

What to do

  • Audit composer install logs for any laravel-lang/* versions pulled on May 22–23; revoke any credentials that existed on affected machines.
  • Pin dependency versions and enable Composer lockfile verification in CI pipelines.
  • Review GitHub repository settings to restrict tag creation to trusted contributors.
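
One way to start the audit in the first step is to scan each project's composer.lock for the three affected packages. This is an added example, not code from Aikido Security or the Laravel-Lang project; the `audit_lock` helper, the UTC reading of the date window, and the sample lockfile are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Package names and dates come from the advisory text above.
AFFECTED = {"laravel-lang/lang", "laravel-lang/attributes",
            "laravel-lang/http-statuses"}
# Assumption: the May 22-23, 2026 window is interpreted in UTC.
WINDOW = (datetime(2026, 5, 22, tzinfo=timezone.utc),
          datetime(2026, 5, 24, tzinfo=timezone.utc))

def audit_lock(lock_text):
    """List affected packages pinned in a composer.lock, dev section included."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if name not in AFFECTED:
                continue
            when = None
            if pkg.get("time"):
                when = datetime.fromisoformat(pkg["time"])
                if when.tzinfo is None:  # treat naive timestamps as UTC
                    when = when.replace(tzinfo=timezone.utc)
            findings.append({
                "name": name,
                "version": pkg.get("version"),
                # Commit the tag resolved to; compare with the official repo history.
                "reference": (pkg.get("source") or {}).get("reference"),
                "in_window": bool(when and WINDOW[0] <= when < WINDOW[1]),
            })
    return findings

# Constructed sample lockfile: versions, hashes and timestamps are made up.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel-lang/lang", "version": "v0.0.1-constructed",
         "source": {"type": "git", "reference": "a" * 40},
         "time": "2026-05-22T18:04:11+00:00"},
        {"name": "example/unrelated", "version": "1.0.0",
         "time": "2026-05-22T10:00:00+00:00"},
    ],
    "packages-dev": [
        {"name": "laravel-lang/attributes", "version": "v0.0.2-constructed",
         "source": {"type": "git", "reference": "b" * 40},
         "time": "2025-11-02T09:30:00+00:00"},
    ],
})

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(finding)
```

The lockfile's `time` field is the release timestamp of the locked version, not the moment a machine ran the install, so pair any hit with CI and workstation install logs before deciding which credentials to revoke.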

Sources: