Hundreds of Top E -Handels Places Under Attack After Magento Supply Chain -Error

Sensec found 21 Magento extensions with malicious code
The extensions belong to three companies that claim everything is in order
Users are advised to take immediate action

Hundreds of e-commerce sites, including at least one major player, Behemoth, have been compromised after poisoning magento extensions woke up from a six-year gossip.

CyberSecurity scientists Sensec discovered that the supply chain attacked after one of its clients was targeted, and eventually found 21 Bag -Door Magento extensions belonging to three companies: Tigren, Meetanshi and MSG. Here are their names:

Tigren Ajaxsuite
Tigren Ajaxcart
Tigren Ajaxlogin
Tigren Ajaxcompare
Tigren Ajaxwishlist
Tigren Multicod
Meetanshi ImageClean
Meetanshi Cookienotice
Meetanshi Flatshipping
Meetanshi Facebook Chat
MEETANSHI CURRENCYSWITCHER
Meetanshi Deferjs
MGS Lookbook
MGS Storelocator
MGS FIRE
MGS GDPR
MGS portfolio
MGS Popup
MGS delivery time
MGS Product Cabinet
MGS blog

The long con

The company says some of the extensions were back in 2019. According to CyberinsidesThe extensions were distributed through the suppliers’ official download servers, which at one point were “broken at one point”.

However, the engagement only activated the malicious code in April 2025. Meanwhile, hundreds of e -trade sites installed them, resulting in a compromise of approx. 500 – 1,000 sites, including one owned by a multinational company of $ 40 billion.

Sensec says attackers added a PHP back door to the license control file for all extensions that allowed the threat actors to perform arbitrary PHP code externally.

This assigned them control over affected stores, compromised sensitive customer data and financial transactions in the process.

The researchers said they reached out to the three suppliers with their findings, but received mixed answers.

Tigren denied having been violated and allegedly still serving back dooored extensions, while Meetanshi confirmed to have been broken, but refused to experience an extension compromise.

Finally, MGS did not even respond to Sensec’s queries even though Bleeping computer confirmed the back door in at least one extension that is currently offered free of charge on the company’s website.

If you are running a Magento store with one of the above extensions, shop right away and secure your assets.

Via Bleeping computer

The long con

Must Read

Leave a Comment Cancel Reply