Fishpig, a popular Magento extension vendor, has been compromised. Sansec found that hackers recently took control of the Fishpig server. Stores that use Fishpig software and extensions such as Magento-WordPress integration, Magento 2 Full Page Cache, and Magento 2 Speed Suite are affected.
Malware called "Rekoobe" has been installed on their server, which grants the attackers admin access to the store.
2022/09/13: Fishpig has confirmed and acknowledged the attack. The first case was found on August 6th, 2022.
Sansec has tested many Fishpig extensions and found almost all of the paid extensions affected. The free extensions hosted on GitHub are safe from the attack. With over 200,000 Fishpig downloads, a large number of stores could be under threat.
Is your store affected?
If you are using or have used any product by Fishpig, you must check your store for the malware.
Run the following command in the Magento root directory:
php <(curl -Ls https://fishpig.co.uk/rekoobe-sh)
This command will test any installed FishPig modules and report if an infection is present.
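As an added example (not from the original post, Fishpig or Sansec): a Python script that reads composer.lock to list which Fishpig packages a store has installed and whether each was downloaded from GitHub or from another server. The sample lock data, its package names and the set of GitHub hosts are assumptions constructed for illustration.

```python
import json
import sys
from urllib.parse import urlparse

# Constructed sample in composer.lock layout; names, versions and URLs are made up.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "fishpig/example-paid-module", "version": "1.0.0",
     "dist": {"type": "zip", "url": "https://repo.vendor.example/paid-1.0.0.zip"}},
    {"name": "fishpig/example-free-module", "version": "2.0.0",
     "source": {"type": "git", "url": "https://github.com/example/free-module.git"},
     "dist": {"type": "zip",
              "url": "https://api.github.com/repos/example/free-module/zipball/abc"}},
    {"name": "magento/framework", "version": "103.0.5",
     "dist": {"type": "zip", "url": "https://repo.magento.com/archives/framework.zip"}},
], "packages-dev": []})

# Assumption: hosts Composer uses when a package is fetched from GitHub.
GITHUB_HOSTS = {"github.com", "api.github.com", "codeload.github.com"}


def download_host(pkg):
    """Host the package came from: dist archive URL first, then the VCS source URL."""
    for key in ("dist", "source"):
        url = (pkg.get(key) or {}).get("url") or ""
        host = urlparse(url).hostname
        if host:
            return host.lower()
    return None


def fishpig_inventory(lock_text, vendor="fishpig"):
    """List locked packages of one vendor with where Composer downloaded them from."""
    lock = json.loads(lock_text)
    rows = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if not pkg.get("name", "").lower().startswith(vendor + "/"):
                continue
            host = download_host(pkg)
            origin = "github" if host in GITHUB_HOSTS else "other" if host else "unknown"
            rows.append({"name": pkg["name"], "version": pkg.get("version"),
                         "host": host, "origin": origin})
    return rows


if __name__ == "__main__":
    # Pass the path to composer.lock; without an argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for row in fishpig_inventory(text):
        action = "free GitHub copy" if row["origin"] == "github" else "run the check, reinstall"
        print(f'{row["name"]} {row["version"]} from {row["host"]}: {action}')
```

The lock file only shows what is installed now, so a module that was removed earlier will not appear; the inventory complements the check command above and does not replace it.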
What if the store is infected?
If you find malware in your store, you have to re-install the Fishpig extensions and update them.
Reinstall FishPig Extensions (Keep Versions):
rm -rf vendor/fishpig && composer clear-cache && composer install --no-cache
Upgrade FishPig Extensions:
rm -rf vendor/fishpig && composer clear-cache && composer update fishpig/* --no-cache
Once this is done, you must restart the server to remove the backdoor from memory.
Raise a ticket with your hosting provider to restart the server. If you manage the server yourself, restart it yourself.
Free Cleanup
Fishpig is currently providing a free cleanup service to anyone whose store is affected by this attack.