Hundreds of top ecommerce sites under attack following Magento supply chain flaw
Date:
Mon, 05 May 2025 16:09:00 +0000
Description:
At least 21 Magento extensions breached over the last six years, but laid dormant until today.
FULL STORY ======================================================================Sansec found 21 Magento extensions with malicious code The extensions belong to
three companies, who claim everything's in order Users are advised to take immediate action
Hundreds of ecommerce websites, including at least one major player,
behemoth, have been compromised after poisoned Magento extensions woke up
from a six-year slumber.
Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. Here
are their names:
Tigren Ajaxsuite
Tigren Ajaxcart
Tigren Ajaxlogin
Tigren Ajaxcompare
Tigren Ajaxwishlist
Tigren MultiCOD
Meetanshi ImageClean
Meetanshi CookieNotice
Meetanshi Flatshipping
Meetanshi FacebookChat
Meetanshi CurrencySwitcher
Meetanshi DeferJS
MGS Lookbook
MGS StoreLocator
MGS Brand
MGS GDPR
MGS Portfolio
MGS Popup
MGS DeliveryTime
MGS ProductTabs
MGS Blog
Get Keeper Personal for just $1.67/month, Keeper Family for just
$3.54/month, and Keeper Business for just $7/month
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts
to protect against cyber threats.
Preferred partner ( What does this mean? ) View Deal The long con
The company says some of the extensions were backdoored back in 2019. According to CyberInsider , the extensions were distributed via the vendors' official download servers, which were breached at some point.
However, the attackers only activated the malicious code in April 2025. In
the meantime, hundreds of ecommerce websites installed them, which resulted
in the compromise of roughly 500 - 1,000 websites, including one owned by a $40 billion multinational corporation.
Sansec says that the attackers added a PHP backdoor to the license check file of all of the extensions, which allowed the threat actors to execute
arbitrary PHP code remotely.
This granted them control over affected stores, compromising sensitive customer data and financial transactions in the process.
The researchers said they reached out to the three vendors with their findings, but got mixed responses.
Tigren denied having been breached and is allegedly still serving backdoored extensions, while Meetanshi confirmed having been breached but denied experiencing an extension compromise.
Finally, MGS did not even respond to Sansecs inquiries, even though BleepingComputer confirmed the backdoor in at least one extension thats currently on offer, for free, on the company website.
If youre running a Magento store with any of the above-mentioned extensions, you should act immediately and secure your assets.
Via BleepingComputer You might also like Ecommerce sites targeted by Magento payment system hack Take a look at our guide to the best authenticator app We've rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/hundreds-of-top-ecommerce-sites-under-a ttack-following-magento-supply-chain-flaw
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)