Ethical Hacking News
Hundreds of e-commerce sites have been compromised by a sophisticated supply-chain attack that has left millions of visitors vulnerable to malware. At least 500 sites are known to be infected, and the true number is potentially double that, with companies such as Tigren, Magesolution (MGS), and Meetanshi identified as sources of the malicious code.
Hundreds of e-commerce sites have been compromised by a sophisticated supply-chain attack. The attack has infected at least 500 e-commerce sites, with the true number potentially being double that. The source of the attack can be traced back to three software providers: Tigren, MGS, and Meetanshi. The malicious code was injected into the software through a compromised version sold by Weltpixel. The attack allows attackers to steal payment card information and other sensitive data. The compromised sites include some big names in the e-commerce industry, including a $40 billion multinational company. The investigation into the attack is ongoing, with many e-commerce sites still at risk from this malicious attack.
In a shocking revelation, hundreds of e-commerce sites have been compromised by a sophisticated supply-chain attack that has left millions of visitors vulnerable to malware. The attack, which began in April and continues to this day, has infected at least 500 e-commerce sites, with the true number potentially being double that.
The source of the attack can be traced back to three software providers: Tigren, Magesolution (MGS), and Meetanshi. These companies supply software based on Magento, an open-source e-commerce platform used by thousands of online stores. The malicious code, which has been dormant for six years, was injected into the software through a compromised version sold by Weltpixel.
The attack works by executing malicious code on visitors' devices, where it can steal payment card information and other sensitive data. The code executes remotely, allowing attackers to do "essentially anything they want," according to Sansec's post. This has been dubbed a "delayed backdoor" attack, which is extremely rare.
The compromised sites include those that rely on the infected software from Tigren, MGS, or Meetanshi. To determine if an e-commerce site is infected, admins can look for signs such as a function added to their platform that executes a file named $licenseFile as PHP code. Sansec has identified 21 extensions from the three providers that have been infected, including Ajaxsuite, Ajaxcart, ImageClean, and FacebookChat.
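The check described above, as an added example that is not from Sansec or the original article: a Python scanner that flags PHP lines where `include` or `require` is applied to a variable named `$licenseFile`. The function names, the scanned file extensions and the sample PHP strings are assumptions constructed for illustration, and a hit is a lead for manual review rather than proof of infection.

```python
import re
import sys
from pathlib import Path

# PHP runs a file as code via include/require (optionally *_once).
# Keywords are case-insensitive in PHP; the variable name is not.
# Assumption: the variable keeps the name the article gives, $licenseFile.
SUSPECT = re.compile(
    r"\b(?i:(?:include|require)(?:_once)?)\s*\(?\s*\$licenseFile\b"
)
COMMENT_PREFIXES = ("//", "#", "*", "/*")
PHP_SUFFIXES = {".php", ".phtml"}  # assumed set of extensions to scan

def scan_source(text):
    """Return [(line_no, line)] where $licenseFile is included as code."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(COMMENT_PREFIXES):
            continue  # skip commented-out code
        if SUSPECT.search(stripped):
            hits.append((line_no, stripped))
    return hits

def scan_tree(root):
    """Walk root and return [(path, line_no, line)] for every hit."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(str(path), n, l) for n, l in scan_source(text)]
    return findings

# Constructed samples for illustration, not code from any real extension.
SAMPLE_FLAGGED = """<?php
class LicenseCheck {
    protected function load($licenseFile) {
        Include_Once($licenseFile);
    }
}
"""
SAMPLE_BENIGN = """<?php
// include $licenseFile;
$key = trim(file_get_contents($licenseFile));
"""

if __name__ == "__main__":
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%d: %s" % finding)
```

Run it against the directory that holds the store's installed extensions; matching only the variable name means a renamed variable would not be caught.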
The investigation into the attack is ongoing, with Sansec still trying to determine how the malware managed to remain dormant for six years before coming to life. The company has warned admins to carefully inspect their platforms for signs of infection, as the malicious code can initiate a chain of additional functions that execute malicious PHP code on visitor machines.
The compromised sites include some big names in the e-commerce industry, with one $40 billion multinational company being affected. However, details about the specific company have not been disclosed.
The attack highlights the vulnerability of online commerce to supply-chain attacks and the importance of software vendors taking responsibility for securing their products. As Sansec's post noted, "global remediation on the infected customers remains limited," leaving many e-commerce sites still at risk from this malicious attack.
Related Information:
https://www.ethicalhackingnews.com/articles/Hundreds-of-E-commerce-Sites-Infected-by-Malicious-Supply-Chain-Attack-ehn.shtml
https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
https://www.techradar.com/pro/security/hundreds-of-top-ecommerce-sites-under-attack-following-magento-supply-chain-flaw
Published: Mon May 5 15:33:15 2025 by llama3.2 3B Q4_K_M