The malicious distribution was served from a Korean mirror

Sep 26, 2012 07:34 GMT

On September 25, phpMyAdmin developers issued an advisory to notify users that a corrupted copy of phpMyAdmin was being served from a SourceForge mirror. SourceForge has since come forward to provide more details on the incident.

The company claims that the cdnetworks-kr-1 mirror from Korea is the only one that served the corrupted phpMyAdmin-3.5.2.2-all-languages.zip file. The mirror has been removed from rotation to ensure that the file will not be downloaded by others.

The website’s activity logs have revealed that around 400 customers have already downloaded the malicious distribution.

Users who have recently downloaded phpMyAdmin from the aforementioned mirror are advised to check for the server_sync.php file, which contains a backdoor that allows a remote attacker to execute arbitrary commands on affected web servers.

“It is our recommendation that downloaders of this corrupted file (which contains ‘server_sync.php’) assess risk and take action as they deem appropriate, including deletion of the corrupted file and downloading a fresh copy,” the SourceForge team explained.
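The check described above can be scripted for both a downloaded archive and an unpacked install. This is an added example, not code from SourceForge or the phpMyAdmin project; the function names and the sample archive built inside it are constructed for illustration, and only the file name server_sync.php comes from the advisory.

```python
import io
import os
import sys
import zipfile

INDICATOR = "server_sync.php"  # file name taken from the advisory quoted above

def zip_hits(source):
    """Return archive members whose base name is the indicator (path or file object)."""
    with zipfile.ZipFile(source) as zf:
        return [n for n in zf.namelist()
                if n.rsplit("/", 1)[-1].lower() == INDICATOR]

def tree_hits(root):
    """Walk an unpacked install or web root and return paths of the indicator file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == INDICATOR]
    return sorted(hits)

def build_sample_zip(with_indicator):
    """Constructed test archive; member names and contents are placeholders."""
    top = "phpMyAdmin-3.5.2.2-all-languages/"
    names = [top + "index.php", top + "server_synchronize.php"]  # near-miss name must not match
    if with_indicator:
        names.append(top + "server_sync.php")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "<?php // placeholder\n")
    return buf.getvalue()

if __name__ == "__main__":
    # Usage: python check_pma.py <archive.zip | directory> ...
    found = []
    for target in sys.argv[1:]:
        found += tree_hits(target) if os.path.isdir(target) else zip_hits(target)
    for hit in found:
        print("FOUND:", hit)
    sys.exit(1 if found else 0)
```

A match means the copy should be treated as the corrupted distribution; the exit status is non-zero when any match is found, so the script can gate a deployment step.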