Magento Fishpig Hacked – What you Need to Know?

Magento Fishpig Hacked

Fishpig, a popular Magento extension vendor, has been compromised. The Sansec found that hackers took control of the control ofFishpig server lately. The stores use the Fishpig softwares and extensions like Magento-WordPress integration, Magento 2 Full Page Cache, and Magento 2 Speed Suite are affected.

A malware β€œRekoobe” has been installed on their server, which grant the store admin access to the attackers.

2022/09/13: Fishpig has confirmed and accepted the hacking attack. The first case was found on August 6th, 2022.

Magento Fishpig Hacked

Sansec has tested many Fishpig extensions, and almost all the paid extensions are found affected. The free extensions hosted on Github are safe from the attack. With over 200,000 Fishpig downloads, a large number of stores could be under threat.

Is your store affected?

If you are using or used any product by Fishpig, you must check your store for the malware.

Run the following command in the Magento root directory:

php <(curl -Ls https://fishpig.co.uk/rekoobe-sh)

This command will test any installed FishPig modules and report if an infection is present.

What if the store is infected?

If you find your malware in your store, you have to re-install the Fishpig extensions and update them.

Reinstall FishPig Extensions (Keep Versions):

rm -rf vendor/fishpig && composer clear-cache && composer install --no-cache

Upgrade FishPig Extensions:

rm -rf vendor/fishpig && composer clear-cache && composer update fishpig/* --no-cache

Once this is done, you must restart the server to remove the backdoor from the memory.

Raise a ticket with your hosting provider to restart the server. If you are managing the server yourself, you have to restart the server.

Free Cleanup

Fishpig is currently providing free cleanup service to anyone whose store is affected by due to this attack.

Latest Magento Tips, Guides, & News

Stay updated with new stuff in the Magento ecosystem including exclusive deals, how-to articles, new plugins, and more. 100% Magento Goodness, a promise!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top

πŸŽ‰ CYBER MONDAY SAVINGS πŸŽ‰

75% OFF on
ALL PLANS

Receive the coupon as soon as you
submit the email address. πŸš€