This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Socket
socket.dev
did:plc:n6f3j47vjucu5ijwdmow7n2w
Famous Chollima appears to have used a compromised PHP/Packagist package path in a targeted developer lure.
The loader was hidden in a Laravel package branch installable through Composer and used blockchain/RPC infra to run remote JS.
Analysis + IOCs:
https://socket.dev/blog/famous-chollima-targets-php-developers-through-compromised-packagist-package
2026-05-31T22:02:50.679Z