Supply Chain Attack: Malicious Laravel Packages Deploy PHP RAT

Supply Chain Attack: Malicious Laravel Packages Deploy PHP RAT

First seen 4 Mar 2026, 06:09 UTC GbhackersCybersecuritynewsThehackernewsScworldCyberpress 85% similarity 40.3

Article Content

Browse articles
ThreatCluster

A supply chain attack has targeted the PHP developer community via Packagist, where threat actor nhattuanbl published malicious packages disguised as Laravel utility libraries. These packages contain a fully functional remote access trojan (RAT), allowing attackers to gain silent and persistent control over systems that install them.

ThreatCluster AI

Timeline

2026-03-04
Malicious packages discovered on Packagist
2026-03-04
Threat actor nhattuanbl identified as the source
Date unknown
Attackers gain control over affected systems

Community

Browse all →