logo

Database

Use of software with malware In intercom-php

Description

Malicious code in intercom-php (Packagist)

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (0bd33abd6fda35e856f8346fda5e85913ce2cad6b4d6c315a2e7138b867760aa)

This package is malicious and was compromised as part of the Mini Shai-Hulud campaign by the TeamPCP threat actor. The malicious payload steals credentials, and can propogate to NPM packages using credentials it finds.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. OSV-MAL-2026-36372. GHSA-gr3r-crp5-qrrm3. GCVE-MAL-2026-3637

References

1. https://semgrep.dev/blog/2026/malicious-intercom-php-package-spreads-mini-shai-hulud-attack-to-packagist-via-composer-plugin/

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.