Three days later, there are still no new details about how the official PHP website hosted a backdoored version of the PEAR package manager for the past six months.
“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file,” the note on the official PEAR website reads.
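The check the PEAR notice describes, as an added example that is not from the PEAR project or the original article: it hashes a reference copy of go-pear.phar and compares every go-pear.phar found under the given directories against it. It assumes the reference copy was downloaded separately from the pear/pearweb_phars GitHub repository (same release version); the function names and the choice of SHA-256 via `sha256sum` are this example's own.

```shell
#!/bin/sh
# Added example: compare local go-pear.phar copies against a reference copy.
# Assumption: REFERENCE was fetched separately from GitHub (pear/pearweb_phars)
# and is the same release version as the copies being checked.
# Requires sha256sum (GNU coreutils).

# Print the SHA-256 digest of a file as bare hex.
phar_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_phars REFERENCE DIR...
# Prints "OK <path>" or "MISMATCH <path>" for each go-pear.phar under DIR...
# Returns 0 if every copy matches, 1 if any copy differs, 2 on a usage error.
check_phars() {
    ref=$1
    [ -f "$ref" ] || { echo "reference file not found: $ref" >&2; return 2; }
    shift
    [ "$#" -gt 0 ] || { echo "usage: check_phars REFERENCE DIR..." >&2; return 2; }
    ref_hash=$(phar_hash "$ref") || return 2
    status=0
    list=$(mktemp) || return 2
    # Collect candidates first so the loop below runs in this shell, not in a
    # pipeline subshell, and can update $status. Unreadable paths are skipped.
    find "$@" -type f -name 'go-pear.phar' 2>/dev/null > "$list" || true
    while IFS= read -r f; do
        if [ "$(phar_hash "$f")" = "$ref_hash" ]; then
            echo "OK $f"
        else
            echo "MISMATCH $f"   # differs from the reference: treat as suspect
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return "$status"
}

# Typical call (paths are placeholders):
#   check_phars ./reference/go-pear.phar /usr /opt /home /var/www
```

A MISMATCH line only says the file differs from the reference; it can also mean the local copy is a different release version than the reference.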
Since PEAR officials have only put out a warning notification and have not released any details about the security incident, it is still unclear who is behind the attack.
The developers tweeted that they will publish a “more detailed announcement” on the PEAR Blog once it’s back online.