Aikido

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer

Written by
Ilyas Makari

On May 22, 2026, we detected an active supply chain attack against Laravel-Lang. We filed a report with the maintainers immediately. The attacker published malicious version tags across three widely used repositories, injecting credential-stealing code that loads automatically via composer’s autoloader feature.

What makes this particularly sneaky is that the malicious code was never committed to the official repos at all. GitHub allows version tags to point to commits from a fork of the same repository. The attacker exploited this to create tags pointing to commits in a malicious fork they controlled.

233 versions are currently compromised across:

  • laravel-lang/lang (7.8k stars)
  • laravel-lang/attributes
  • laravel-lang/http-statuses

We also reported the attack to Packagist, who responded immediately by taking down the malicious versions and temporarily unlisting the affected packages to prevent further installations.

Stage 1: The dropper

The attacker introduced a file called src/helpers.php into the affected version tags. On the surface it looks like a routine Laravel localization helper, defining two harmless functions: laravel_lang_locale() and laravel_lang_fallback(). Below those functions, the real work begins.

A self-executing block of code runs once on every machine it infects. It fingerprints the host using a hash of the file path, hostname and inode, then writes a marker file to the system temp directory so it only fires once. The C2 domain is hidden inside an integer array decoded at runtime to evade static scanners; decoded, it yields flipboxstudio[.]info.

The dropper then fetches a payload from flipboxstudio[.]info/payload using file_get_contents with a curl fallback, both with SSL verification disabled. On Windows it drops a .vbs launcher and runs the payload silently via cscript. On Linux and macOS it executes the payload in the background via exec().
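A triage helper for the mechanics described in Stage 1, added here as an example and not Aikido's own tooling: it flags the three affected packages pinned in a composer.lock (with the commit each tag resolved to, which is what to verify against the upstream repository's history, since the malicious tags point at fork-only commits), lists any vendor/laravel-lang/*/src/helpers.php files, and checks the temp directory for the .laravel_locale marker from the IoC list. The fixture built in demo() is constructed sample data.

```python
"""Triage helper for the Laravel-Lang compromise (added example, not Aikido's tooling).
Flags the affected packages pinned in composer.lock, the vendor src/helpers.php
file the dropper was introduced at, and the temp-dir infection marker."""
import json
import tempfile
from pathlib import Path

AFFECTED = {"laravel-lang/lang", "laravel-lang/attributes", "laravel-lang/http-statuses"}
MARKER_DIR = ".laravel_locale"  # <tmp>/.laravel_locale/<md5_hash> from the IoC list

def affected_packages(lock_path):
    """Affected package name -> (version, commit the tag resolved to). Check that commit
    against a fresh upstream clone (e.g. git merge-base --is-ancestor <ref> <default branch>):
    the malicious tags point at commits that exist only in the attacker's fork."""
    lock = json.loads(Path(lock_path).read_text())
    pinned = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") in AFFECTED:
            pinned[pkg["name"]] = (pkg.get("version"), (pkg.get("source") or {}).get("reference"))
    return pinned

def dropper_files(vendor_dir):
    """Paths of vendor/laravel-lang/*/src/helpers.php, the file the dropper lives in."""
    return sorted(str(p) for p in Path(vendor_dir, "laravel-lang").glob("*/src/helpers.php"))

def marker_present(tmp_dir):
    """True if the dropper's once-only marker directory exists in the temp dir."""
    return Path(tmp_dir, MARKER_DIR).is_dir()

def triage(project_dir, tmp_dir=tempfile.gettempdir()):
    return {"packages": affected_packages(Path(project_dir, "composer.lock")),
            "dropper_files": dropper_files(Path(project_dir, "vendor")),
            "marker": marker_present(tmp_dir)}

def demo():
    """Build a constructed fixture resembling an infected project and triage it."""
    root = Path(tempfile.mkdtemp())
    lock = {"packages": [
        {"name": "laravel-lang/lang", "version": "vX.Y.Z-PLACEHOLDER",
         "source": {"type": "git", "reference": "0" * 40}},  # placeholder commit, not a real IoC
        {"name": "laravel/framework", "version": "vX.Y.Z-PLACEHOLDER"}]}
    (root / "composer.lock").write_text(json.dumps(lock))
    helper = root / "vendor" / "laravel-lang" / "lang" / "src" / "helpers.php"
    helper.parent.mkdir(parents=True)
    helper.write_text("<?php // constructed placeholder, not the real dropper\n")
    (root / "tmp" / MARKER_DIR).mkdir(parents=True)
    return triage(root, root / "tmp")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against a real project with `triage("/path/to/project")`; a non-empty result for any of the three keys is a reason to treat the host as compromised and rotate the credentials listed under "What it steals".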

Stage 2: The stealer

The fetched payload is a ~5,900 line PHP credential stealer, organised into fifteen specialist collector modules. After collecting everything it can find, it encrypts the results with AES-256 and sends them to flipboxstudio[.]info/exfil. It then deletes itself from disk to limit forensic evidence.

What it steals

Cloud credentials

  • AWS access keys, secret keys and session tokens (from environment, ~/.aws/credentials and live EC2 instance metadata)
  • GCP application default credentials, access token databases and all named CLI configurations
  • Azure access tokens, MSAL cache and service principal profiles
  • DigitalOcean, Heroku, Vercel, Netlify, Railway and Fly.io auth tokens

Infrastructure secrets

  • All kubeconfig files including /etc/kubernetes/admin.conf
  • HashiCorp Vault tokens
  • Helm repository configs
  • Docker config.json

Developer credentials

  • SSH private keys
  • All .git-credentials and .gitconfig files
  • .netrc, .npmrc, .yarnrc, .pypirc, .gem/credentials, .composer/auth.json
  • GitHub CLI, GitLab CLI and Hub CLI auth tokens
  • Shell history files (bash, zsh, psql, mysql, python, node)
  • All .env files and config files found by recursively scanning the working directory (wp-config.php, settings.py, docker-compose.yml, secrets.yaml and more)

Browsers and password managers

  • Saved passwords from 17 Chromium-based browsers: Chrome, Edge, Brave, Opera, Opera GX, Vivaldi, Chromium, Yandex and more. On Windows a bundled helper .exe is dropped to decrypt Chrome's DPAPI-protected login database
  • Firefox and Thunderbird logins.json and key4.db across all profiles
  • KeePass .kdbx and .kdb database files
  • 1Password and Bitwarden local vault files

Cryptocurrency wallets

  • Bitcoin, Ethereum, Monero, Litecoin, Dash, Dogecoin and Zcash wallet files
  • Electrum, Exodus, Atomic, Ledger Live, Trezor, Wasabi and Sparrow wallets
  • Browser extension wallets by extension ID: MetaMask, Phantom, Trust Wallet, Ronin, Keplr, Solflare and Rabby

Windows-specific

  • Windows Credential Manager and Vault entries
  • PuTTY and WinSCP saved sessions (WinSCP passwords are actively decrypted)
  • .rdp files from Desktop, Documents and Downloads
  • Outlook registry profiles, OST/PST file inventory and Credential Manager entries for Microsoft services

Communication platforms

  • Slack tokens
  • Discord bot tokens
  • Telegram bot tokens

VPN configs

  • Config files and extracted credentials for NordVPN, ExpressVPN, ProtonVPN, CyberGhost, Private Internet Access, Windscribe, Mullvad, Surfshark, WireGuard and OpenVPN

How Aikido detects this

If you are an Aikido user, check your central feed and filter on malware issues. This will surface as a 100/100 critical issue. Aikido rescans nightly, but we recommend triggering a manual rescan now.

If you are not yet an Aikido user, you can create an account and connect your repos. Our malware coverage is included in the free plan, no credit card required.

For broader coverage across your whole team, Aikido's Endpoint Protection gives you visibility and control over the software packages installed on your team's devices. It covers browser extensions, code libraries, IDE plugins, and build dependencies, all in one place. Stop malware before it gets installed.

For future protection, consider Aikido Safe Chain (open source). Safe Chain sits in your existing workflow, intercepting npm, npx, yarn, pnpm, and pnpx commands and checking packages against Aikido Intel before install.

Indicators of Compromise

Network

  • flipboxstudio.info (C2 domain)
  • flipboxstudio.info/payload (dropper fetch)
  • flipboxstudio.info/exfil (exfiltration endpoint)

Files and paths

  • <tmp>/.laravel_locale/<md5_hash> (infection marker)
  • <tmp>/.laravel_locale/<12 random hex chars>.php (dropped stealer)
  • <tmp>/.laravel_locale/<8 random hex chars>.vbs (Windows launcher)

https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer