Tag Archive for: backdoored

WordPress sites backdoored after FishPig supply chain attack • The Register


It’s only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.

We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems were compromised and its products altered so that installations of the code semi-automatically downloaded and ran the Rekoobe Linux trojan.

Infosec outfit Sansec raised the alarm this week that FishPig’s software was acting weird: when a deployment’s control panel was visited by a logged-in Magento staff user, the code would automatically fetch a Linux binary from FishPig’s back-end systems and run it. That binary turned out to be Rekoobe. This would open a backdoor allowing miscreants to remotely control the box.

After that, the crooks could snoop on customers, alter or steal data, and so on.

Per FishPig’s disclosure, its products were altered as early as August 6, and the offending code has since been removed. We’re told that the paid-for versions were primarily affected. Free versions of FishPig modules available on GitHub were likely clean.

If you’re using FishPig’s commercial software, you should reinstall the tools and check for signs of compromise.

According to FishPig, it’s “best to assume that all paid FishPig Magento 2 modules have been infected.” It’s not known exactly how many customers were caught up in the supply-chain attack, though Sansec said the company’s free Magento packages have been collectively downloaded more than 200,000 times. That doesn’t necessarily mean there’s a comparable number of paid users, though it gives you an idea of the interest in FishPig’s tools.

While it’s not known exactly how the attackers broke into FishPig’s back-end servers, the outcome was…


Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps – Threatpost

  1. Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps (Threatpost)
  2. Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’ (TechCrunch)
  3. Google downplays the number of ‘potentially harmful apps’ on the Play Store (BGR)
  4. Google continues to improve the security and privacy of Android users (Phone Arena)
  5. This Malware Returned from the Dead to Hit 199M Androids in 2018 (Computer Business Review)

Hacker claims to have breached & backdoored antivirus software firm Trend Micro

Antivirus and security firm Trend Micro was the latest victim in what seems like never-ending hacks, dumps and hacker wars. Also named was SYKES, a company that allegedly runs support services for Trend Micro. The SYKES site states that it is “a global leader in providing customer contact management solutions and services in the business process outsourcing (BPO) arena.”

Ms. Smith’s blog