Laravel Lang packages hijacked to deploy credential-stealing malware
ID: cb4b9276-5db2-59fa-b58c-4d0cc3ddc965
STIX ID: report--cb4b9276-5db2-59fa-b58c-4d0cc3ddc965
Feed Name: Bleeping Computer
A supply-chain attack against multiple Laravel Lang Composer packages abused GitHub tag rewriting (re-pointing existing release tags at commits carrying the malicious code, so Composer fetched poisoned builds under already-published version numbers) to distribute malicious releases that registered a dropper, src/helpers.php, as a Composer-autoloaded file; the dropper therefore ran as soon as an application loaded its Composer autoloader. The dropper downloaded a large cross-platform credential stealer from an attacker-controlled C2 (flipboxstudio.info) that harvests cloud credentials, Kubernetes secrets, Git/CI tokens, SSH keys, browser data and other secrets; on Windows it also drops and runs a credential-stealing binary called DebugElevator. Security firms reported hundreds of historical versions impacted, and Packagist has removed the malicious versions. Developers are advised to audit the versions pinned in composer.lock and installed under vendor/, rotate every credential that was reachable from an affected host (cloud, Kubernetes, Git/CI, SSH), and hunt for the indicators of compromise.
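The audit advised above, as an added example that is not code from the report or from the Laravel Lang project: the script parses composer.lock for laravel-lang/* packages, records the pinned version and git reference, and then inspects each installed copy's composer.json for `autoload.files` entries, the mechanism through which a helpers.php dropper gets executed on every request, scanning those files for the C2 domain named in the report. The package names, versions, commit references and file contents in the sample tree are constructed for this example (the "hijacked" file only contains the domain string, not the real dropper); the only indicator used is the flipboxstudio.info domain from the report, and a real audit should additionally compare each package's locked reference against the upstream tag, which is omitted here because it needs network access.

```python
import json
import tempfile
from pathlib import Path

# Indicator taken from the report: the dropper's command-and-control domain.
C2_INDICATORS = ("flipboxstudio.info",)
# Package namespace named in the report as affected.
AFFECTED_VENDOR_PREFIX = "laravel-lang/"


def audit_composer_lock(lock_path, vendor_dir):
    """Return findings for every laravel-lang/* package in composer.lock.

    For each matching package the pinned version and git reference are
    recorded. The installed copy under vendor/ is then checked for files
    registered in Composer's `autoload.files`: those run unconditionally
    when the autoloader loads, which is how a src/helpers.php dropper is
    wired in. Any such file containing a C2 indicator is reported.
    """
    with open(lock_path, encoding="utf-8") as fh:
        lock = json.load(fh)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name = pkg.get("name", "")
        if not name.startswith(AFFECTED_VENDOR_PREFIX):
            continue
        finding = {
            "package": name,
            "version": pkg.get("version"),
            "reference": (pkg.get("source") or {}).get("reference"),
            "autoload_files": [],
            "ioc_hits": [],
        }
        pkg_dir = Path(vendor_dir) / name
        meta_path = pkg_dir / "composer.json"
        if meta_path.is_file():
            meta = json.loads(meta_path.read_text(encoding="utf-8"))
            for rel in (meta.get("autoload") or {}).get("files", []):
                finding["autoload_files"].append(rel)
                target = pkg_dir / rel
                if target.is_file():
                    text = target.read_text(encoding="utf-8", errors="replace")
                    for ioc in C2_INDICATORS:
                        if ioc in text:
                            finding["ioc_hits"].append((rel, ioc))
        findings.append(finding)
    return findings


def build_sample_tree(root):
    """Write a constructed composer.lock and vendor/ tree under root.

    Package names, versions, references and file contents are made up for
    this example; the 'hijacked' helpers.php only contains the C2 domain.
    """
    root = Path(root)
    packages = [
        {"name": "acme/logger", "version": "3.5.0",
         "source": {"type": "git", "reference": "a" * 40}},
        {"name": "laravel-lang/sample-clean", "version": "1.2.3",
         "source": {"type": "git", "reference": "b" * 40}},
        {"name": "laravel-lang/sample-hijacked", "version": "1.2.4",
         "source": {"type": "git", "reference": "c" * 40}},
    ]
    (root / "composer.lock").write_text(
        json.dumps({"packages": packages, "packages-dev": []}), encoding="utf-8")
    metas = {
        "acme/logger": {"autoload": {"psr-4": {"Acme\\Logger\\": "src"}}},
        "laravel-lang/sample-clean": {"autoload": {"psr-4": {"LaravelLang\\Clean\\": "src"}}},
        "laravel-lang/sample-hijacked": {
            "autoload": {"psr-4": {"LaravelLang\\Hijacked\\": "src"},
                         "files": ["src/helpers.php"]}},
    }
    for name, meta in metas.items():
        pkg_dir = root / "vendor" / name
        (pkg_dir / "src").mkdir(parents=True, exist_ok=True)
        (pkg_dir / "composer.json").write_text(json.dumps(meta), encoding="utf-8")
    # Constructed stand-in for the dropper: only the C2 domain string, no real code.
    dropper = (
        "<?php\n// constructed stand-in for the dropper, not the real malware\n"
        "$c2 = 'https://flipboxstudio.info';\n"
    )
    hijacked = root / "vendor" / "laravel-lang" / "sample-hijacked" / "src" / "helpers.php"
    hijacked.write_text(dropper, encoding="utf-8")
    return root / "composer.lock", root / "vendor"


def demo():
    """Build the constructed tree in a temp dir and audit it."""
    tmp = Path(tempfile.mkdtemp(prefix="composer-audit-"))
    lock_path, vendor_dir = build_sample_tree(tmp)
    return audit_composer_lock(lock_path, vendor_dir)


if __name__ == "__main__":
    for f in demo():
        status = "IOC HIT" if f["ioc_hits"] else "review"
        print(f"{status}: {f['package']} {f['version']} ref={f['reference']} "
              f"autoload.files={f['autoload_files']} hits={f['ioc_hits']}")
```

Run it against a real project by calling `audit_composer_lock("composer.lock", "vendor")` from the project root; a package that appears with any `autoload_files` entry deserves a manual look at that file even when no indicator matches, because an `autoload.files` entry is all that is needed for code to execute on every request.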
