Get started in 5 minutes!

Magento security extentions vendor got hacked

Magento security extentions vendor got hacked

The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software.

Our malware crawlers detected a compromise of Extendware, a vendor of Magento extensions such as “Two-Factor Authentication”. Attackers injected a payment skimmer on Oct 4th, as shown by this addition to the source code:

The actual skimmer can be found here, which is a fairly standard keylogger. It sends customer card data to which is likely another compromised store under control of the attacker.

While our crawlers discover 50+ skimmers on a daily basis, this case stands out. First, the presence of malware proves that attackers had write access to Extendware’s server. In theory, they could have injected a backdoor or skimmer in all of the Extendware products, thereby gaining control of all stores that would install their software. This is also known as a “supply chain attack”.

Second, because e-commerce vendors are such an attractive target to payment skimmers, this Extendware case suggests that attackers may have used a novel method to gain access.

We have reported this breach to Extendware and asked about the integrity of their products but haven’t heard back yet. Meanwhile, we recommend merchants who downloaded Extendware products in the last week to not install them and await further instructions from the vendor.

NB. Extendware runs a McAfee Secure seal which does not detect the compromise yet:

Stay ahead of eCommerce hacks,
protect your store today!

Sansec forensic experts were the first to document large scale digital skimming in 2015. Since then, we have investigated thousands of hacked stores. Our research of the latest attack vectors protects our customers around the world. Our anti-skimming technology and data are used by merchants, forensic investigators, financial anti-fraud teams and service providers

Try our malware scanner