Socket's Threat Research Team discovered a supply chain attack involving malicious Packagist packages that deploy an encrypted Remote Access Trojan (RAT). The packages, disguised as Laravel utilities, execute automatically upon application boot or class autoloading, granting the attacker full remote shell access, file manipulation, and system reconnaissance capabilities across Windows, macOS, and Linux environments.