Magento supply chain attack compromises hundreds of e-stores

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.

Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025.

"Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor," explains Sansec.

Sansec has also found a compromised version of the Weltpixel GoogleTagManager extension but couldn't confirm if the point of compromise was at the vendor or the website.

In all observed cases, the extensions include a PHP backdoor added to a license check file (License.php or LicenseApi.php) used by the extension.

This malicious code checks for HTTP requests containing special parameters named "requestKey" and "dataSign," which are used to perform a check against hardcoded keys within the PHP files.

If the check is successful, the backdoor gives access to other admin functions in the file, including one that allows a remote user to upload a new license and save it as a file.

This file is then included using the "include_once()" PHP function, which loads the file and automatically executes any code within the uploaded license file.

Given the ability to upload and run any PHP code, the potential repercussions of the attack include data theft, skimmer injection, arbitrary admin account creation, and more.

Sansec told BleepingComputer that this backdoor was used to upload a webshell to one of their customer's sites.

BleepingComputer independently confirmed that this backdoor is present in the MGS StoreLocator extension, which is free to download from their site. We did not confirm if the backdoor is present in the other extensions reported by Sansec.

Sansec contacted the three vendors, warning them of the discovered backdoor. The cybersecurity firm says MGS didn't respond, Tigren denied a breach and continues to distribute backdoored extensions, and Meetanshi admitted to a server breach but not an extension compromise.

Sansec commented on the peculiarity of the backdoor lying dormant for six years and activating only now and promised to provide additional insight from their ongoing investigation.

Users of the mentioned extensions are recommended to perform complete server scans for the indicators of compromise Sansec shared in its report and, if possible, restore the site from a known-clean backup.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
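As an added example (not Sansec's scanner and not code from any of the vendors), the script below turns the traits the article describes into a triage scan of a Magento code tree: it picks out files named License.php or LicenseApi.php and flags those that read both the "requestKey" and "dataSign" parameters and call include_once(). The `app/code/Vendor/Module` layout, the `$_POST` reads and both fixture files are assumptions constructed for the demo; Sansec's actual indicators of compromise are in its report and should be used alongside this.

```python
"""Triage scanner for the backdoor traits described in the article.

Added example, not Sansec's tooling or vendor code. Flags License.php or
LicenseApi.php files that read both "requestKey" and "dataSign" and then
include_once() a file; a hit is a lead for review, not proof of compromise.
"""
import os
import re
import tempfile
TARGET_NAMES = {"license.php", "licenseapi.php"}
TRAITS = {
    # both request parameters named in the report, in either order
    "request_params": re.compile(r"requestKey[\s\S]*dataSign|dataSign[\s\S]*requestKey"),
    # the include that turns an uploaded "license" into executed PHP
    "include_once": re.compile(r"\binclude_once\s*\("),
}

# Constructed fixtures; the second is a non-functional skeleton with only the trigger strings.
BENIGN_SAMPLE = "<?php\n$cfg = include_once(__DIR__ . '/config.php');\nreturn checkKey($cfg['key']);\n"
SUSPICIOUS_SAMPLE = ("<?php\n$k = $_POST['requestKey'] ?? ''; $s = $_POST['dataSign'] ?? '';\n"
                     "if (verify($k, $s)) { include_once($licensePath); }\n")

def is_suspicious(source: str) -> bool:
    """All traits must match; include_once alone is common in clean code."""
    return all(rx.search(source) for rx in TRAITS.values())

def scan_tree(root: str) -> list:
    """Return sorted paths of license check files under root matching every trait."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() not in TARGET_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if is_suspicious(fh.read()):
                    hits.append(path)
    return sorted(hits)

def demo_scan() -> list:
    """Build a two-module tree from the fixtures and return flagged basenames."""
    with tempfile.TemporaryDirectory() as root:
        for vendor, fname, body in (("Clean", "License.php", BENIGN_SAMPLE),
                                     ("Bad", "LicenseApi.php", SUSPICIOUS_SAMPLE)):
            d = os.path.join(root, "app", "code", vendor, "Module")
            os.makedirs(d)
            with open(os.path.join(d, fname), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in scan_tree(root)]
```

Run `scan_tree()` against the Magento root on a copy of the server and diff every hit against the vendor's clean release before deciding whether to restore from backup.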

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 02 May 2025 18:10:05 +0000

