CyberSecurity news

Pierluigi Paganini@Security Affairs
A recent supply chain attack has targeted Magento e-commerce stores, compromising hundreds of online businesses. Sansec researchers uncovered that 21 Magento extensions had been backdoored, leading to the compromise of an estimated 500 to 1,000 e-commerce stores, including a major multinational corporation valued at $40 billion. The attackers gained access to the servers of three Magento software developers – Magesolution, Meetanshi, and Tigren – and modified the source code of the extensions.

The malicious code, a backdoor hidden in the License.php file, remained dormant for six years. The attackers exploited the backdoor in April 2025, deploying malicious code onto Magento stores that had installed the compromised plugins. This backdoor allowed the key holder to run commands on the server, granting them full control of the e-commerce servers and enabling them to steal sensitive information.

While removing the compromised extensions will eliminate the initial entry point, experts recommend a thorough check of affected stores to ensure the attackers didn't leave additional web shells for secondary access. Sansec has notified the plugin developers of the breach, but responses have varied, ranging from denial to confirmation of a server hack. Users of Magento e-commerce platforms are urged to investigate their installed extensions and implement security measures to mitigate the risks associated with supply chain attacks.

Classification:
  • HashTags: #supplychain #magento #ecommerce
  • Target: Magento Stores
  • Product: Magento
  • Feature: Supply Chain Attack
  • Malware: Magento Backdoor
  • Type: Hack
  • Severity: Major