VYPR
← All malware advisories

composer · Malicious package advisory

Malware

intercom-php

MAL-2026-3637

Malicious code in intercom-php (Packagist)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: google-open-source-security (0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa)
This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor.
The malicious payload steals credentials, and can propogate to NPM packages using credentials it finds.

Compromised versions (1)

  • 5.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.