Attackers mount Magento supply chain attack by compromising FishPig extensions

Don't miss FishPig Linux Magento News remote access Trojan sansec supply chain compromise

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers compromised the FishPig extensions Sansec researchers said that the FishPig distribution server was compromised on or before August 19th. “Any Magento store who installed or updated paid Fishpig software since then, is now likely running the Rekoobe malware,” they noted. FishPig … More

The post Attackers mount Magento supply chain attack by compromising FishPig extensions appeared first on Help Net Security.