Hackers have breached FishPig software vendor resulting in a supply-chain hack.
Having gained access to FishPigs server infrastructure, malicious code was added to vendors software.
The Remote Access Trojan (RAT), dubbed “Rekoobe” hides on the server as a background process.
Sansec, the eCommerce malware and vulnerability detection service, stated:
“It is likely that all Fishpig paid extensions have been compromised. Free extensions that are hosted on Github don’t seem to be affected“
FishPig confirmed on Tuesday that hackers used their access to insert malicious PHP code into a Helper/License.php file.
The company stated:
“This file is included in most FishPig extensions, so it is best to assume that all paid FishPig Magento 2 modules have been infected,”
FishPig went on to state:
“The best advice for people at the minute is to reinstall all FishPig modules. They do not need to update to the latest version (although they can), but just reinstalling the same version will ensure that they have clean code as any infected code has been removed from FishPig.
The infection was limited to a single file in our obfuscation code on our separate license.fishpig.co.uk and this has been removed and protection added against future attacks. FishPig.co.uk was not affected.
Sorry for any inconvenience people may have faced. This was an extremely clever and targeted attack and we will be more vigilant in the future.”
FishPig have also provided instructions and tools to check if a site is infected.