Attention! You Might Be Using an Infected PHP PEAR Package Manager

PEAR stands for PHP Extension and Application Repository. Using PEAR, you can download and manage various PHP libraries that allow you to easily implement various functionalities like login authentication, networking, and so on without needing to write the code from scratch.

Someone has hacked the PHP PEAR website ( and replaced the original PEAR installation package with a malicious package.

If you have downloaded the PEAR package manager—which is go-pear.phar file—from the official website in the past six months, kindly consider you are affected.

As soon as possible, you should download and install the latest version from the GitHub repository:, which is secure.

Currently, the PEAR website is down. And the PEAR team is doing a forensic investigation to find more details about the hack.

Affected Version: v1.10.9

Latest Version: v1.10.10

You may check the official twitter handle for the latest updates.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>