Malicious Code in Extensions Provider’s Products. Check your Installations

It was recently discovered that one of Magento extensions vendors – Amasty – has been intentionally distributing a malicious code which stops third-party extensions from operating properly.

Since we keep receiving complaints regarding the problem, we feel obliged to provide a detailed explanation of the situation, in order to assist the affected customers in resolving the problem.

A recent update of the Amasty_Base module contains elements that purposefully and directly disrupt the functionality of the AW_All extension by aheadWorks, a vital component of all aheadWorks products. The lines in question can be found in app/code/local/Amasty/Base/etc/config.xml:

<adminhtml>

      <layout>

          <updates>

              <awall module=”Amasty_Base“>

                  <file>amasty/ambase/ambase.xml</file>

              </awall>

          </updates>

      </layout>

This basically removes all the blocks generated by the AW_All module and causes the following issues:

1. Disrupts the functionality of the AW_All tab in System -> Configuration -> aheadWorks extensions -> Info, responsible for informing merchants regarding possible installation problems and available updates.
2. Conceals the logs of aheadWorks extensions.
3. Removes all the styles connected to AW_All, which results in the incorrect display of the related blocks.

In case any of the aforementioned symptoms are detected, it would be required to open app/code/local/Amasty/Base/etc/config.xml, find all the occurrences of the “awall” string and change them to “ambase“.

Installed aheadWorks Extensions

Installed aheadWorks Extensions

By now, the developer was forced to remove the harmful components from their current extension packages, however, there is a high chance that Amasty products installed prior to that still contain the malicious code in question. Moreover, Amasty_Base’s damage potential may not be limited by the impairment of aheadWorks products, which is why we recommend to thoroughly inspect the websites containing any Amasty extensions.

The case has been reported to the Magento team. Additionally, as Amasty’s official statement regarding the matter does not seem to be helpful or explanatory, our specialists are inclined to provide all the required assistance on the matter, disregarding the current status of support period and free of any charges. Please feel free to contact us via http://ecommerce.aheadworks.com/contacts/ or helpdesk@aheadworks.com in case any difficulties in resolving the issue arise.

 

1 Comment

Adam

about 4 years ago

I would say it's unsuccessful copy/paste method ;)

Reply

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked