Magento Supply Chain Attack Targets Extension Developer FishPig
Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on or before August 19th of this year so any eCommerce stores which have installed FishPig extensions since this date have likely been compromised.
Website administrators should completely remove, reinstall, and upgrade all instances of FishPig software present within their environment and check their systems for any signs of infection.