Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
ID: 5265682f-518b-5f08-b37c-4276f45dcaa5
STIX ID: report--5265682f-518b-5f08-b37c-4276f45dcaa5
Feed Name: The Hacker News
Cybersecurity researchers observed a supply-chain compromise of multiple Laravel-Lang PHP packages in which an autoloaded backdoor (src/helpers.php) was mass-tagged into releases. The backdoor was used to fetch a cross-platform PHP credential stealer that fingerprints hosts, executes automatically on each PHP request, harvests extensive cloud, VCS, browser, wallet and local credentials, encrypts the results with AES-256 and exfiltrates them to flipboxstudio.info.
