Malware Infects Magento-Powered Stores via FishPig Distribution Server


Specialized in Magento optimizations and Magento-WordPress integrations, FishPig offers various Magento extensions that have gathered over 200,000 downloads.

On Tuesday, FishPig warned of an intrusion to its extension license system, which resulted in a threat actor injecting malicious PHP code into the Helper/License.php file.

“This file is included in most FishPig extensions so it is best to assume that all FishPig modules had been infected,” FishPig announced.

According to the company, the hackers likely had access to its servers since at least August 6.