Fishpig, a popular extension for Magento that integrates WordPress with the eCommerce platform, has been hacked. Fishpig has over 200,000 downloads worldwide.
Magento, acquired by Adobe, is a popular open-source platform for building robust eCommerce applications. WordPress is similarly popular for its blogging features. Fishpig integrates WordPress with Magento.
Online stores that run WordPress and Magento in the same project may be infected with malware called “Rekoobe”.
On 13 Sep 2022, Fishpig shared a statement about the threat on their official website as a Security Announcement. According to the statement, their license system was attacked and a malicious piece of PHP code was injected into the Helper/License.php file.
The paid extensions were most likely infected as their license system was compromised; however, the free extension on GitHub seems to be safe. This was detected on August 6th, 2022, for the first time.
How to solve this problem?
According to Fishpig, you should remove all the Fishpig modules from the source and reinstall the existing one or upgrade to the latest version. This ensures clean and secure code on your system.
- Remove all the Fishpig modules.
- Re-install Fishpig or upgrade to the latest version.
- Run a server-side malware scanner.
- Restart the server.
- Add “127.0.0.1 license.fishpig.co.uk” to “/etc/hosts” to block outgoing connections.
Restarting the server will remove the trojan/backdoor from the system automatically. However, make sure you have also cleaned the Fishpig module code.
The Fishpig M2 Rekoobe Cleaner is a great tool to use in order to check for any infected Helper/License.php files. The latest version of FishPig_WordPress also has a new automated testing tool which makes it even easier to keep your site clean and free of any infections.
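The removal and hosts-file steps above can be checked from the shell. The script below is an added example, not Fishpig's cleaner or code from the announcement: it assumes the module's install path contains "fishpig" (in any letter case) and that `sha256sum` is available. It only inventories `Helper/License.php` files and verifies the hosts entry; it does not detect the malware itself.

```shell
#!/bin/sh
# Added example: verify two of the remediation steps listed above.
# Assumption: Fishpig modules live under a path containing "fishpig".

# List every Helper/License.php that belongs to a Fishpig module under ROOT.
# After the "remove all modules" step this list should be empty.
find_license_files() {
    find "$1" -type f -path '*/Helper/License.php' 2>/dev/null |
        grep -i 'fishpig' | sort
}

# Succeed only if an active (non-commented) hosts line maps
# license.fishpig.co.uk to 127.0.0.1; other addresses do not count.
hosts_blocked() {
    awk -v host="license.fishpig.co.uk" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++) if ($i == host) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Print an inventory with hashes (for comparison against a clean package)
# and return non-zero when the hosts block is missing.
audit() {
    root=$1
    hosts=${2:-/etc/hosts}
    files=$(find_license_files "$root")
    if [ -n "$files" ]; then
        echo "Fishpig Helper/License.php files to compare with a clean copy:"
        echo "$files" | while IFS= read -r f; do
            printf '  %s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
        done
    else
        echo "No Fishpig Helper/License.php found under $root"
    fi
    if hosts_blocked "$hosts"; then
        echo "OK: license.fishpig.co.uk is pinned to 127.0.0.1 in $hosts"
    else
        echo "MISSING: 127.0.0.1 license.fishpig.co.uk not in $hosts"
        return 1
    fi
}

# Usage: sh audit.sh /path/to/magento [hosts-file]
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it once after removing the modules (the inventory should be empty) and again after reinstalling, then compare the printed hashes with those of the freshly downloaded package.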