The (now defunct) Cloud Connect ERP Magento plugin for SAP integration (published by B2b2dot0) was probably once legitimate, but a version circulates in the wild that is used as a webshell launcher. Upon installation, it places several backdoors:
/skin/edit.php
/skin/viewer.php
/skin/cli.php
In one particular case, an attacker brute forced their way into the admin panel, installed this extension, and then uses /skin/edit.php to place more backdoors.
The (now defunct) Cloud Connect ERP Magento plugin for SAP integration (published by B2b2dot0) was probably once legitimate, but a version circulates in the wild that is used as a webshell launcher. Upon installation, it places several backdoors:
In one particular case, an attacker brute forced their way into the admin panel, installed this extension, and then uses
/skin/edit.php
to place more backdoors.