Hackers breach software vendor for Magento supply-chain attacks

Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
Security researchers at Sansec, a company offering eCommerce malware and vulnerability detection services, have confirmed the compromise of 'FishPig Magento Security Suite' and 'FishPig WordPress Multisite'.
Php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary from FishPig's servers.
The company has published a security advisory recommending an upgrade of all FishPig modules.
The best advice for people at the minute is to reinstall all FishPig modules.