Hundreds of E-commerce Sites Hit by Malware in Major Supply Chain Attack: Sansec


Dutch cybersecurity firm Sansec has revealed that between 500 and 1,000 Magento-based e-commerce websites, including one operated by a $40 billion multinational company, have been compromised by a long-hidden malware attack.


According to a report by TechRadar, the incident is a coordinated supply chain attack in which 21 Magento extensions were found to contain a backdoor. This malicious code allows attackers to steal customers’ payment and confidential information by bypassing regular security systems.

Sansec researchers stated that the malware was injected nearly six years ago but only became active in late April 2025. “It is rare that a backdoor remains undetected for six years, but it is even stranger that actual abuse has only started now,” the report said.

The compromised extensions were distributed between 2019 and 2022 by three well-known Magento software vendors: Tigren, Meetanshi, and Magesolution (MGS). These extensions are widely used for managing shopping carts, calculating shipping fees, and creating wishlists.

Sansec said all three vendors’ servers had been breached, allowing hackers to inject the backdoors directly into their download servers. This means any customer using these infected extensions was unknowingly exposed to the attack.

“This hack is called a supply chain attack, which is one of the worst types. By hacking these vendors, the attacker gained access to all of their customers' stores—and to the customers visiting those stores,” Sansec explained.

Sansec also discovered a compromised version of Weltpixel’s Google Tag Manager extension. However, it could not confirm whether Weltpixel itself was directly compromised.

As of April 30, the backdoored packages were still available on the websites of MGS and Tigren. While MGS has not responded publicly, Tigren denied its server was compromised. Meetanshi acknowledged a server breach but denied any tampering with its software.

Sansec has urged all affected e-commerce businesses to review and update their Magento extensions immediately to prevent further data theft.

