Cybercriminals have injected malware into multiple extensions distributed from FishPig's servers to add backdoors.
With the growing adoption of artificial intelligence and machine learning, more and more of the things around us are automated. This undoubtedly brings numerous benefits for mankind, but in this data-driven landscape cybersecurity is becoming a major concern: cybercriminals are using smart ways to threaten systems, and it has become necessary for companies to treat it as a priority.
Cybercriminals have planted malware on servers associated with an unknown number of online retailers after hacking the server infrastructure of FishPig, a Magento and WordPress integration software maker with more than 200,000 downloads. Sansec, the security company that first discovered the breach, found that cybercriminals had injected malware into the FishPig Magento Security Suite and several other FishPig extensions for Magento 2 to gain access to websites using the products. The planted malware then installed a Remote Access Trojan (RAT) called “Rekoobe” that hides on the server as a background process. Rekoobe, which came to light in June, pretends to be a secure SMTP server. Once launched from memory, it loads its settings, removes any malicious files, and assumes the name of a system service to evade detection.
Previously, the Linux rootkit “Syslogk” has been observed deploying this Trojan. Rekoobe can be triggered by hidden commands tied to the handling of a STARTTLS command sent by an attacker over the Internet. When Rekoobe is activated, it provides a reverse shell that lets the attacker remotely abuse the compromised server. Sansec says the FishPig intrusion started on or before August 19. It further said that online stores using FishPig software may now unknowingly have Rekoobe installed on their servers, giving hackers administrator access. “It is likely that all paid Fishpig extensions have been hacked. Free extensions hosted on Github don’t seem to be affected,” Sansec commented.
“This file is included in most FishPig extensions, so it’s best to assume that all paid FishPig Magento 2 modules have been infected,” the company advised. It has since removed the malicious code and taken steps to prevent further abuse. FishPig advises all customers to upgrade all FishPig modules or delete the current versions from the source, regardless of whether customers are using extensions that are known to be affected. People who are concerned that malware may be infecting their site and require help fixing it can take advantage of FishPig’s current free cleanup offer.
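The behaviour described above, a process that removes its files after launch and takes the name of a system service, leaves traces in `/proc` on a Linux server. The following is an added example, not code from Sansec or FishPig; the function names are hypothetical, and both checks are heuristics that also fire on benign processes (for instance a daemon still running after a package upgrade replaced its binary).

```python
import os

DELETED = " (deleted)"  # suffix the kernel appends to /proc/<pid>/exe

def _name(argv0):
    """Normalise argv[0] ("-bash", "nginx: master process") to a bare name."""
    parts = argv0.split()
    return os.path.basename(parts[0]).strip("-:") if parts else ""

def scan_proc(proc_root="/proc"):
    """Flag processes whose binary was deleted or whose name is borrowed."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
        except OSError:
            continue  # kernel thread, exited process, or insufficient rights
        deleted = exe.endswith(DELETED)
        exe_name = os.path.basename(exe[:-len(DELETED)] if deleted else exe)
        reasons = []
        if deleted:
            reasons.append("binary deleted after launch")
        shown = _name(argv0)
        # Prefix match tolerates versioned binaries (python3 -> python3.10).
        if shown and not exe_name.startswith(shown):
            reasons.append("argv[0] does not match executable")
        if reasons:
            findings.append({"pid": int(entry), "exe": exe,
                             "argv0": argv0, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan_proc():  # run as root to see every process
        print(f["pid"], f["exe"], repr(f["argv0"]), "; ".join(f["reasons"]))
```

Each finding is a lead to review against the host's known services, not proof of compromise.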
The post When Paid Servers are Compromised, Cybercriminals Forget Free Versions appeared first on Analytics Insight.