Ars Technica reports that up to 200,000 websites are at risk of compromise following the breach of e-commerce software provider FishPig's systems in a supply chain attack that involved the deployment of the sophisticated Rekoobe backdoor malware.
Discovered in June, Rekoobe poses as an SMTP server and can be triggered by startTLS management-related commands, after which it allows remote commands to be delivered to infected servers. Sansec researchers determined that the attack on FishPig commenced on or before Aug. 19.
"We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit. As for the attack itself, we are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system. Once inside though, they must have taken a manual approach to select where and how to place their exploit," said FishPig Lead Developer Ben Tideswell, who added that notifications have been sent to individuals and organizations who may have been impacted by the incident.
More robust cybersecurity rules are being considered by the Australian government following the large data breach at Optus, the nation's second-largest wireless carrier, which has compromised 9.8 million individuals' data, according to The Associated Press.
Threat actors have been spreading the information-stealing malware-as-a-service Erbium as phony video game cracks and cheats in an effort to facilitate credential and cryptocurrency wallet theft, according to BleepingComputer.