FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to update their programs after discovering a security breach that allowed criminals to spy on customers.
The unknown threat actors used their control of FishPig's systems to carry out a supply chain attack that caused customer systems to be compromised. Rekoobe can be activated by covert commands related to handling the startTLS command from an attacker over the internet. Rekoobe gives a reverse shell that allows the threat actor to issue commands to the server.
Ben Tideswell, the lead developer at FishPig, said in an email that they are still investigating how the attacker accessed their systems. We're used to seeing automated exploits of applications, so it's possible that the attackers gained access to our system. They must have used a manual approach to pick where and how to place their exploit inside.
FishPig sells Shopify-WordPress integrations. Online marketplaces can be developed with the help of an open source e-commerce platform.
Tideswell said the last software commit made to its server that didn't contain the malicious code was on August 6. The intrusion began on or before August 19, according to Sansec. Tideswell said that FishPig has sent emails to everyone who has downloaded anything from FishPig.co.uk in the last year.
In a disclosure published after the Sansec advisory went live, FishPig said that the intruders used their access to inject malicious PHP code into a Helper/License.php file that's included in most FishPig extensions. Rekoobe runs only in memory after removing all of its files from the disk. It hides as a system process whose name tries to mimic one of the following:
/usr/sbin/cron -f
/sbin/udevd -d
crond
auditd
/usr/sbin/rsyslogd
/usr/sbin/atd
/usr/sbin/acpid
dbus-daemon --system
/sbin/init
/usr/sbin/chronyd
/usr/libexec/postfix/master
/usr/lib/packagekit/packagekitd
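A detection check built on the two behaviours described above (a process name from the list, and a binary that no longer exists on disk), added here as an example and not taken from FishPig or Sansec. It assumes a Linux host with /proc; the names `check`, `snapshot` and `MASQUERADE` and the sample paths in the test are constructed for illustration.

```python
import os

# argv[0] values taken from the process names listed in the article.
MASQUERADE = {"/usr/sbin/cron", "/sbin/udevd", "crond", "auditd",
              "/usr/sbin/rsyslogd", "/usr/sbin/atd", "/usr/sbin/acpid",
              "dbus-daemon", "/sbin/init", "/usr/sbin/chronyd",
              "/usr/libexec/postfix/master", "/usr/lib/packagekit/packagekitd"}

def check(cmdline, exe, resolve=os.path.realpath):
    """Return a reason if a process claims a listed name but its
    /proc/<pid>/exe target disagrees; otherwise return None."""
    argv0 = cmdline.split(" ", 1)[0]
    if argv0 not in MASQUERADE:
        return None
    # The kernel appends " (deleted)" when the backing file was unlinked.
    if exe.endswith(" (deleted)"):
        return "executable deleted from disk"
    if argv0.startswith("/"):
        # Follow symlinks so /sbin/init -> systemd is not a false hit.
        ok = resolve(argv0) == exe
    else:
        ok = os.path.basename(exe) == argv0
    return None if ok else "claimed name does not match executable"

def snapshot():
    """Yield (pid, cmdline, exe) for live processes; root sees all of them."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                raw = f.read().replace(b"\0", b" ")
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # exited, kernel thread, or not permitted
        yield int(pid), raw.decode(errors="replace").strip(), exe

if __name__ == "__main__":
    for pid, cmd, exe in snapshot():
        reason = check(cmd, exe)
        if reason:
            print(pid, repr(cmd), exe, reason)
```

A legitimate daemon whose package was upgraded without a restart also shows a deleted executable, so each hit is a lead to investigate rather than a verdict.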