Security News > 2022 > September > Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
Security researchers at Sansec, a company offering eCommerce malware and vulnerability detection services, have confirmed the compromise of 'FishPig Magento Security Suite' and 'FishPig WordPress Multisite'.
Php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary from FishPig's servers.
The company has published a security advisory recommending an upgrade of all FishPig modules.
The best advice for people at the minute is to reinstall all FishPig modules.
News URL
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)