Magento sites hacked via popular helpdesk extension

The extension is named Mirasvit Helpdesk, allowing sites to show a ‘Chat with us’ widget on Magento shops. De Groot published a copy of the payload on GitHub, and posted some simple instructions on his blog that Magento owners can follow to test and see if their sites have been compromised via the Mirasvit Helpdesk widget.

The company declined to comment for this story, but published a blog post warning customers of ongoing exploitation attempts and reminded them to update their extensions, according to BleepingComputer. Furthermore, the company has released a fix for Mirasvit way back in September 2017, the online publication continues.

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

Categories

Payments

Fraud and Fincrime

Fintech

Crypto, Web3 and CBDC

Regulations

M&A and Investments

Current themes

A2A Payments

Payment Orchestration

TradFi and DeFi Convergence

KYC, KYB and Digital Identity