Ars Technica reports that up to 200,000 websites are at risk of compromise following the breach of e-commerce software provider FishPig's systems in a supply chain attack that involved the deployment of the sophisticated Rekoobe backdoor malware.
Discovered in June, Rekoobe poses as an SMTP server and can be triggered by commands related to startTLS handling, prompting remote command delivery to infected servers. Meanwhile, Sansec researchers determined that the attack on FishPig commenced on or before Aug. 19.
"We are still investigating how the attacker accessed our systems and are not currently sure whether it was via a server exploit or an application exploit. As for the attack itself, we are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system. Once inside though, they must have taken a manual approach to select where and how to place their exploit," said FishPig Lead Developer Ben Tideswell, who added that notifications have been sent to individuals and organizations who may have been impacted by the incident.
Threat actors have increasingly added the novel Go-based information stealer Aurora to their arsenals, with at least seven active cybercrime groups leveraging the malware either exclusively or alongside other info-stealers Raccoon and Redline, BleepingComputer reports.