Digital Event Horizon
Hundreds of e-commerce sites have been hacked in a devastating supply-chain attack that leaves thousands of visitors vulnerable to malicious code. The attack, which began in April, affects at least 500 sites and is linked to software from three providers. To protect yourself, use credit cards for online transactions and review your statements regularly.
The e-commerce sites affected by the attack are using software from three providers: Tigren, Magesolution (MGS), and Meetanshi. The attack is the result of a six-year-old malware that was introduced through backdoors in the software and remained dormant until recently. The malicious code allows attackers to execute arbitrary PHP code on e-commerce site servers, giving them control over the sites' functionality. 21 extensions from the three providers have been identified as infected with malicious code. At least one large multinational company with a $40 billion valuation is among the affected sites. Users are advised to use credit cards for online transactions and review statements monthly for suspicious activity to prevent financial losses.
Hundreds of e-commerce sites have been compromised in a devastating supply-chain attack, leaving thousands of visitors vulnerable to malicious code that can steal sensitive data. The attack, which began in April and remains ongoing, affects at least 500 e-commerce sites that rely on software from three providers: Tigren, Magesolution (MGS), and Meetanshi.
According to security firm Sansec, the attack is the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. The infected software includes extensions such as Ajaxsuite, Ajaxcart, and FacebookChat, which are used by thousands of online stores.
The malicious code, which was introduced through the backdoors in the software, allows attackers to execute arbitrary PHP code on ecommerce site servers, effectively giving them control over the sites' functionality. This enables the attackers to inject skimming software that runs in the user's browser and steals payment information, a tactic commonly used by malware groups known as Magecart.
Sansec has identified 21 extensions from the three providers that have been infected with malicious code. The attackers were able to remain dormant for six years due to the delayed activation of the backdoor, which is a rare occurrence in supply-chain attacks.
The affected e-commerce sites include at least one owned by a large multinational company, valued at $40 billion. The Sansec representative stated that "global remediation on the infected customers remains limited."
In order to protect themselves, users are advised to use credit cards instead of debit cards for online transactions, as this limits the potential financial losses in case of a data breach. Reviewing statements monthly and reporting any suspicious activity promptly can also help prevent unauthorized transactions.
As the situation continues to unfold, Ars Technica will provide updates on this developing story and offer expert analysis on the implications of this devastating supply-chain attack.
Related Information:
https://www.digitaleventhorizon.com/articles/Hundreds-of-E-commerce-Sites-Hacked-in-Devastating-Supply-Chain-Attack-deh.shtml
https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
Published: Mon May 5 17:39:54 2025 by llama3.2 3B Q4_K_M
