Hundreds of top ecommerce sites under attack following Magento supply chain flaw

Sansec found 21 Magento extensions with malicious code
The extensions belong to three companies, who claim everything’s in order
Users are advised to take immediate action

Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber.

Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. Here are their names:

Tigren Ajaxsuite
Tigren Ajaxcart
Tigren Ajaxlogin
Tigren Ajaxcompare
Tigren Ajaxwishlist
Tigren MultiCOD
Meetanshi ImageClean
Meetanshi CookieNotice
Meetanshi Flatshipping
Meetanshi FacebookChat
Meetanshi CurrencySwitcher
Meetanshi DeferJS
MGS Lookbook
MGS StoreLocator
MGS Brand
MGS GDPR
MGS Portfolio
MGS Popup
MGS DeliveryTime
MGS ProductTabs
MGS Blog

The long con

The company says some of the extensions were backdoored back in 2019. According to CyberInsider, the extensions were distributed via the vendors’ official download servers, which were “breached at some point”.

However, the attackers only activated the malicious code in April 2025. In the meantime, hundreds of ecommerce websites installed them, which resulted in the compromise of roughly 500 – 1,000 websites, including one owned by a $40 billion multinational corporation.

Sansec says that the attackers added a PHP backdoor to the license check file of all of the extensions, which allowed the threat actors to execute arbitrary PHP code remotely.

This granted them control over affected stores, compromising sensitive customer data and financial transactions in the process.

The researchers said they reached out to the three vendors with their findings, but got mixed responses.

Tigren denied having been breached and is allegedly still serving backdoored extensions, while Meetanshi confirmed having been breached but denied experiencing an extension compromise.

Finally, MGS did not even respond to Sansec’s inquiries, even though BleepingComputer confirmed the backdoor in at least one extension that’s currently on offer, for free, on the company website.

If you’re running a Magento store with any of the above-mentioned extensions, you should act immediately and secure your assets.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/Fjubd6oQm2BLkiwxJd5qSf.jpg

Source link

Perplexity AI’s Comet browser will streak across the web this month

This mini PC packs 16-core power, 10GbE networking and GPU support into something smaller than your lunchbox

‘We want to build a brain for the world’ – Sam Altman makes a crucial decision about the future of OpenAI, and it may...

Google’s Gemini AI Is now a Pokémon Master

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Irish consumer sentiment falls sharply for second successive month

At least 3 dead, 9 missing after small boat capsizes near San Diego

Trump calls AI pope image a joke, but experts say it’s no laughing matter

Parkland Reports 2025 First Quarter Results

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays