- Sansec found 21 Magento extensions with malicious code
- The extensions belong to three companies, which claim that everything is in order
- Users are advised to take immediate action
Hundreds of e-commerce websites, including at least one important player, a behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber.
Cybersecurity researchers at Sansec discovered the supply chain attack after one of its clients was attacked, ultimately finding 21 backdoored Magento extensions belonging to three companies: Tigren, Meetanshi and MGS. Here are their names:
- Tigren Ajaxsuite
- Tigren Ajaxcart
- Tigren Ajaxlogin
- Tigren Ajaxcompare
- Tigren Ajaxwishlist
- Tigren Multicod
- Meetanshi Imagine
- Meetanshi Cookienotice
- Meetanshi Flatshipping
- Meetanshi Facebookchat
- Meetanshi Currencyswitcher
- Meetanshi Deferjs
- MGS Lookbook
- MGS Storelocator
- MGS Brand
- MGS GDPR
- MGS Portfolio
- MGS Popup
- MGS Deliverytime
- MGS Productabs
- MGS Blog
The long scam
The company says that some of the extensions were backdoored in 2019. According to CyberInsider, the extensions were distributed through the vendors' official download servers, which were breached “at some point.”
However, the attackers only activated the malicious code in April 2025. In the meantime, hundreds of e-commerce websites installed the extensions, which resulted in the compromise of approximately 500 to 1,000 websites, including one owned by a $40 billion multinational corporation.
Sansec says that the attackers added a PHP backdoor to the license verification file of all the extensions, which allowed the threat actors to execute arbitrary PHP code remotely.
This gave them control over the affected stores, compromising confidential customer data and financial transactions in the process.
The researchers said they contacted the three vendors with their findings but received mixed responses.
Tigren denied having been breached and reportedly still serves backdoored extensions, while Meetanshi confirmed having been breached but denied that its extensions were compromised.
Finally, MGS did not even respond to Sansec’s inquiries, although BleepingComputer confirmed the backdoor in at least one extension that is currently offered, for free, on the company’s website.
If you are running a Magento store with any of the extensions mentioned above, you must act immediately and secure your assets.
Via BleepingComputer
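As a starting point for that check, here is an added example (not code from Sansec, the vendors or the outlets cited) that inventories a Magento tree for modules from the three vendors and lists their license-related PHP files for review. It assumes a Magento 2 layout where each module declares `Vendor_Module` in `etc/module.xml`, matches names as this article spells them, and treats any PHP file with "licen" in its name as license-related; the sample tree is constructed.

```python
import os
import re
# Extension names as listed in the article, grouped by vendor (lower-cased).
LISTED = {
    "tigren": {"ajaxsuite", "ajaxcart", "ajaxlogin", "ajaxcompare",
               "ajaxwishlist", "multicod"},
    "meetanshi": {"imagine", "cookienotice", "flatshipping", "facebookchat",
                  "currencyswitcher", "deferjs"},
    "mgs": {"lookbook", "storelocator", "brand", "gdpr", "portfolio", "popup",
            "deliverytime", "productabs", "blog"},
}
MODULE_RE = re.compile(r'<module\s+name="([A-Za-z0-9]+)_([A-Za-z0-9]+)"')


def find_vendor_modules(magento_root):
    """Map each module from the three vendors to a listed flag and its 'licen*' PHP files."""
    found = {}
    for dirpath, _, filenames in os.walk(magento_root):
        if os.path.basename(dirpath) != "etc" or "module.xml" not in filenames:
            continue
        with open(os.path.join(dirpath, "module.xml"), errors="replace") as fh:
            match = MODULE_RE.search(fh.read())
        if not match or match.group(1).lower() not in LISTED:
            continue
        vendor, module = match.groups()
        files = sorted(  # filename heuristic is an assumption, not from the article
            os.path.relpath(os.path.join(d, name), magento_root)
            for d, _, names in os.walk(os.path.dirname(dirpath))
            for name in names
            if name.lower().endswith(".php") and "licen" in name.lower())
        listed = module.lower() in LISTED[vendor.lower()]
        found[f"{vendor}_{module}"] = {"listed": listed, "license_files": files}
    return found


def build_sample_tree(root):
    """Write a constructed sample layout; every path and file body is made up."""
    xml = '<config><module name="{}"/></config>'
    samples = {
        "app/code/Tigren/Ajaxcart/etc/module.xml": xml.format("Tigren_Ajaxcart"),
        "app/code/Tigren/Ajaxcart/Helper/License.php": "<?php // placeholder",
        "app/code/MGS/Core/etc/module.xml": xml.format("MGS_Core"),
        "app/code/Acme/Shipping/etc/module.xml": xml.format("Acme_Shipping"),
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
```

A hit only identifies files to review or compare against a known-clean copy; it does not show that the backdoor is present. Modules from the three vendors that are not on the list are still reported, with `listed` set to false, because names on disk may be spelled differently from the list above.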