Security News > 2022 > September > Hackers breach software vendor for Magento supply-chain attacks

Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
Security researchers at Sansec, a company offering eCommerce malware and vulnerability detection services, have confirmed the compromise of 'FishPig Magento Security Suite' and 'FishPig WordPress Multisite'.
Php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary from FishPig's servers.
The company has published a security advisory recommending an upgrade of all FishPig modules.
The best advice for people at the minute is to reinstall all FishPig modules.