Security News > 2022 > September > Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
Security researchers at Sansec, a company offering eCommerce malware and vulnerability detection services, have confirmed the compromise of 'FishPig Magento Security Suite' and 'FishPig WordPress Multisite'.
Php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary from FishPig's servers.
The company has published a security advisory recommending an upgrade of all FishPig modules.
The best advice for people at the minute is to reinstall all FishPig modules.