The malicious code, discovered in late March, was found in the php-src repository hosted on the git.php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code. PHP developers said the backdoor was discovered before it was pushed out to users via an update. Initially, users were told that…