Hacker compromised the download URLs of the popular phpBB forum software, for around three hours they were delivering infected versions of legitimate files.
The popular phpBB free and open source forum software has been compromised by an unknown hacker. According to a security advisory released by the phpBB maintainers, the attacker has compromised download URLs for two phpBB packages.
The downloads URLs compromised were related to the phpBB 3.2.2 full package and the phpBB 3.2.1 -> 3.2.2 automatic updater.
“Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.” reads the announcement published by the development team.
“The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack. If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of 12:02 PM UTC and 15:03 PM UTC on January 26th, you received an archive modified with a malicious payload. “
The compromised download links were online for around three hours, between 12:02 PM UTC and 15:03 PM UTC on January 26, those who used them received a malware.
Users who downloaded phpBB 3.2.2 packages on January 26 must verify the SHA256 file hash of the file they downloaded with the one reported on the phpBB official downloads page.
The phpBB development team is investigating the incident, it only revealed that the entry point is likely a third-party site and clarified that neither phpBB.com nor the phpBB software were exploited in this attack.
At the time of writing it is still unclear how hackers compromised the download URLs.
The phpBB maintainers quickly removed the links to the malicious payload.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.