Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
FishPig has confirmed the incident and published a status page. It recommends customers to upgrade and/or reinstall all FishPig modules.
Magento is a popular open-source eCommerce platform used for building electronic shops, supporting the sale of tens of billions USD worth of goods annually.
Hackers injected malicious code into License.php, a file that validates licenses in premium FishPig plugins, which downloads a Linux binary (“lic.bin”) from FishPig’s servers (“license.fishpig.co.uk”).The binary is Rekoobe, a remote access trojan (RAT) that has been seen in the past being dropped by the ‘Syslogk’ Linux rootkit.
The binary is Rekoobe, a remote access trojan (RAT) that has been seen in the past being dropped by the ‘Syslogk’ Linux rootkit.
As per fishpig stated , merchants need to reinstall the extension
It is recommended to upgrade all FishPig modules, or reinstall existing versions from source, regardless of whether or not you are using extensions known to be infected. This will ensure clean and secure code on your system.