Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.
Security researchers at Sansec, a company offering eCommerce malware and vulnerability detection services, have confirmed the compromise of 'FishPig Magento Security Suite' and 'FishPig WordPress Multisite'.
Php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary from FishPig's servers.
The company has published a security advisory recommending an upgrade of all FishPig modules.
The best advice for people at the minute is to reinstall all FishPig modules.