Security News > 2022 > September > WordPress-powered sites backdoored after FishPig suffers supply chain attack
Infosec outfit Sansec raised the alarm this week that FishPig's software was acting weird: when a deployment's control panel was visited by a logged-in Magento staff user, the code would automatically fetch and run from FishPig's back-end systems a Linux binary that turned out to be Rekoobe.
Free versions of FishPig modules available on GitHub were likely clean.
According to FishPig, it's "Best to assume that all paid FishPig Magento 2 modules have been infected." It's not known exactly how many customers were caught up in the supply-chain attack, though Sansec said the company's free Magento packages have been collectively downloaded more than 200,000 times.
Ergo, a staff user accesses their FishPig deployment's control panel, the altered remotely-hosted License.
Per Intezer, newer versions of Rekoobe show hard-coded C2 server addresses and attempt to rename their own process, as is the case in this FishPig instance.
FishPig said affected customers can also reach out for "a free clean up service for anyone who is worried that this is affecting their site and needs help to resolve it."
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/15/magento_wordpress_fishpig/
Related news
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)