Do you use FishPig on your Magento site? If so, please read on – they have been hacked and it could affect your business.
On 13th September 2022, FishPig, a developer of a popular Magento 2 extension, announced that they had suffered a server breach. The threat actors compromised the code base of the paid FishPig Magento 2 module, so any site which has installed the module can assume to be compromised. The announcement, along with additional remediation information, can be found here:
The malicious code installs another piece of malware called Rekoobe, a remote access trojan. The executable is deleted after being downloaded and executed, remaining only as a background process with a name that mimics legitimate system services.
If you have installed the FishPig module on your Magento 2 store, it’s highly recommended that you uninstall the current version of the module and reinstall a fresh copy. After this, you should restart your server to remove any traces of the backdoor from memory.
EveryHost Security Team