Backdoor found in popular ecommerce components
a year ago
- #supply-chain-attack
- #ecommerce
- #cybersecurity
- A backdoor was discovered in multiple ecommerce components, affecting 21 applications.
- The malware was injected 6 years ago but became active recently, compromising 500-1000 stores.
- Affected vendors include Tigren, Magesolution (MGS), and Meetanshi, with their servers breached.
- The backdoor allows attackers to execute arbitrary PHP code via a fake license check in files like License.php or LicenseApi.php.
- The vulnerability is in the adminLoadLicense function, which can be exploited without authentication in older versions.
- Sansec's eComscan can detect this malware, and affected stores are advised to remove the fake License file.
- Vendors' responses vary: MGS and Tigren still offer backdoored packages, while Meetanshi confirmed a server breach.
- The backdoor remained undetected for 6 years, with abuse starting recently.
- Recommendations include caution when using software from affected vendors and checking stores for backdoors.
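
A heuristic triage check built only from the indicators named above, as an added example that is not Sansec's or any vendor's code: it walks a store's code tree and flags PHP files named License.php or LicenseApi.php, plus any other PHP file that mentions adminLoadLicense. The verdict labels and function names are assumptions of this example; a hit calls for manual review, and an empty result does not prove a store is clean.

```shell
#!/bin/sh
# Added example: triage for the fake license check described on this page.
# Indicators (from the page only): file names License.php / LicenseApi.php
# and the function name adminLoadLicense. Verdict labels are hypothetical.

# scan_license_files ROOT
# Prints "<VERDICT><TAB><path>" for every PHP file worth a look:
#   SUSPECT    name matches and the file mentions adminLoadLicense
#   REVIEW     name matches only (may be a legitimate license class)
#   REFERENCE  other PHP file that mentions adminLoadLicense
scan_license_files() {
    root=${1:-.}
    find "$root" -type f -name '*.php' 2>/dev/null |
    while IFS= read -r f; do
        named=no; calls=no
        case ${f##*/} in
            License.php|LicenseApi.php) named=yes ;;
        esac
        grep -q 'adminLoadLicense' "$f" 2>/dev/null && calls=yes
        case $named$calls in
            yesyes) printf 'SUSPECT\t%s\n' "$f" ;;
            yesno)  printf 'REVIEW\t%s\n' "$f" ;;
            noyes)  printf 'REFERENCE\t%s\n' "$f" ;;
        esac
    done
}

# count_verdict VERDICT ROOT
# Prints how many files received the given verdict (0 if none).
count_verdict() {
    scan_license_files "$2" | grep -c "^$1[[:space:]]" || true
}

# Stand-alone use: sh scan.sh /path/to/store/root
if [ "$#" -gt 0 ]; then
    scan_license_files "$1"
fi
```
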