The extension is named Mirasvit Helpdesk, allowing sites to show a ‘Chat with us’ widget on Magento shops. De Groot published a copy of the payload on GitHub, and posted some simple instructions on his blog that Magento owners can follow to test and see if their sites have been compromised via the Mirasvit Helpdesk widget.
The company declined to comment for this story, but published a blog post warning customers of ongoing exploitation attempts and reminded them to update their extensions, according to BleepingComputer. Furthermore, the company has released a fix for Mirasvit way back in September 2017, the online publication continues.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now