Security News > 2022 > September > Attackers mount Magento supply chain attack by compromising FishPig extensions

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised.
How the attackers compromised the FishPig extensions.
Sansec researchers said that the FishPig distribution server was compromised on or before August 19th. "Any Magento store who installed or updated paid Fishpig software since then, is now likely running the Rekoobe malware," they noted.
Php file, which is included in most FishPig extensions.
The only good news related to this Magento supply chain attack is that there's no evidence that the compromised installations have been taken advantage of.
FishPig is urging users to assume that all paid FishPig Magento 2 modules have been infected, and is advising them to upgrade all FishPig modules or reinstall existing versions from source.
News URL
https://www.helpnetsecurity.com/2022/09/14/fishpig-extensions-compromised/
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)