Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Magento Backdoor Affects E-Commerce Stores

May 5, 2025
Reading Time: 2 mins read
in Alerts
Chimera Malware Outsmarts Firewalls

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational company. Sansec researchers discovered that some of the backdoors had been planted as early as 2019, but the malicious code remained dormant until April 2025, when it was activated. The attack is linked to compromised extensions from vendors Tigren, Meetanshi, and MGS, with some versions of the backdoor dating back to 2019. Despite the six-year delay, the attackers managed to take full control of e-commerce servers after activating the malicious code.

The backdoored extensions include PHP code hidden in the license check files, such as License.php or LicenseApi.php.

These files contain a backdoor that checks for specific HTTP requests, and if successful, the attacker gains access to other admin functions. This backdoor enables remote users to upload a new license and execute PHP code, which can lead to severe consequences such as data theft and skimmer injection. The ability to run arbitrary PHP code on the server raises concerns over administrative account hijacking and other malicious activities.

Sansec’s report also identified compromised versions of the Weltpixel GoogleTagManager extension, though the point of compromise could not be determined. The cybersecurity firm has already contacted the affected vendors, but responses have been mixed. MGS has yet to respond, Tigren denied the breach but continued distributing the malicious extensions, and Meetanshi admitted to a server breach, but not the extension compromise.

This lack of cooperation from vendors has left many e-commerce businesses vulnerable to further exploitation.

Sansec recommends that users of the affected extensions perform complete server scans to check for indicators of compromise shared in the report. It also advises restoring from a clean backup if possible to mitigate the risk. The firm continues to investigate the peculiar timing of the attack, which involved a six-year delay before the backdoor was activated. Sansec promises to release more details as the investigation progresses, urging all Magento users to stay vigilant.

Reference:

  • Magento Extensions Backdoored in Supply Chain Attack Affecting Hundreds of Stores
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMay 2025
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial