
E-commerce software maker hacked for massive supply chain attack

Tom Grant
Last updated: 5 December

The hack was reported by the British company FishPig, which develops e-commerce solutions (mainly Magento-WordPress integrations) that have been downloaded more than 200,000 times in total. Unknown attackers injected the Rekoobe backdoor into the company’s products in order to attack its customers.

Experts at Sansec detailed the attack in their report. According to them, unknown attackers gained control of the FishPig server infrastructure and added malicious code to the company’s software. The researchers confirm the compromise of products such as FishPig Magento Security Suite and FishPig WordPress Multisite, and warn that other paid extensions are likely to be compromised as well. The free tools the company hosts on GitHub do not appear to have been affected by this attack.

According to experts, hackers injected malicious code into the License.php file, which is responsible for checking the license in FishPig premium plugins. This code downloaded the lic.bin binary from the FishPig servers (license.fishpig.co.uk).

The binary is malware from the Rekoobe family. Previously, this Remote Access Trojan (RAT) was distributed in conjunction with the Syslogk Linux rootkit. In the attack on FishPig, the malware disguises itself as a harmless SMTP server and can be activated using hidden commands related to startTLS processing. Once activated, Rekoobe provides hackers with a reverse shell and allows them to remotely issue commands to the infected server.

Sansec writes that, for now, Rekoobe is idle and waiting for commands from the hackers’ control server, which is located in Latvia and which the researchers found at 46.183.217[.]2. It is assumed that the attackers planned to sell access to the compromised stores to other criminals.

As a result, anyone who installed or upgraded FishPig premium products prior to August 19, 2022 should consider their stores compromised and take the following actions immediately:

  • disable all FishPig extensions;
  • run a malware scanner on the server side;
  • restart the server to end any unauthorized background processes;
  • add 127.0.0.1 license.fishpig.co.uk to /etc/hosts to block the malware’s outgoing connections.
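
The checklist above can be backed by a few triage helpers. This is an added example, not code from the article, Sansec or FishPig; it uses only the indicators named in the article (License.php, lic.bin, license.fishpig.co.uk, 46.183.217[.]2) and assumes the column layout of plain `ss -tn` output.

```shell
#!/bin/sh
# Added example: triage helpers for the FishPig checklist.
LICENSE_HOST="license.fishpig.co.uk"
C2_IP="46.183.217.2"   # the article lists it defanged as 46.183.217[.]2

# Return 0 if an active (non-comment) line maps LICENSE_HOST to 127.0.0.1.
hosts_blocks_license_host() {
    awk -v h="$LICENSE_HOST" '
        { sub(/#.*/, "") }   # ignore commented-out entries
        $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$1"
}

# Append the sinkhole entry only if it is missing, so re-running is safe.
ensure_hosts_block() {
    hosts_blocks_license_host "$1" ||
        printf '127.0.0.1 %s\n' "$LICENSE_HOST" >> "$1"
}

# Print every License.php under the given root that mentions lic.bin.
# Heuristic only: a hit means "review this file by hand".
find_suspect_license_files() {
    find "$1" -type f -name 'License.php' \
        -exec grep -l -F 'lic.bin' {} + 2>/dev/null || :
}

# Read `ss -tn` output on stdin and print rows whose peer is exactly C2_IP.
connections_to_c2() {
    awk -v ip="$C2_IP" '{ n = split($5, a, ":"); if (n == 2 && a[1] == ip) print }'
}
```

Source the file, then run `find_suspect_license_files` against the store's web root and `ss -tn | connections_to_c2`; `ensure_hosts_block /etc/hosts` needs root.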

Representatives of FishPig told Bleeping Computer reporters that they are currently investigating the incident and studying its consequences.

“The best advice at the moment is to reinstall all FishPig modules. People don’t need to update to the latest version (although they can) as simply reinstalling the same version ensures they have clean code since all infected code has already been removed from FishPig.

The infection was limited to obfuscated code in one file of our separate license.fishpig.co.uk, and it has already been removed, and we have added protection against future attacks. FishPig.co.uk was not affected.

We apologize for any inconvenience users may have experienced. This was an extremely smart targeted attack and we will be more vigilant in the future,” the company said.


Source: xaker.ru


TAGGED: Linux, Malware, PoC, RTF, Security, SMTP, Software, Targeted Attack, WordPress
Tom Grant, December 5, 2022