A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational.
Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025.
“Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor,” explains Sansec.
“Curiously, the malware was injected 6 years ago, but came to life this week as attackers took full control of ecommerce servers.”
Sansec says the compromised extensions are from vendors Tigren, Meetanshi, and MGS:
- Tigren Ajaxsuite
- Tigren Ajaxcart
- Tigren Ajaxlogin
- Tigren…