Astroid Framework hacked
The Astroid framework has reportedly been hacked for numerous Joomla users. A colleague from Vienna just alerted me to this.
Apparently, it can be identified by unusual plugins, such as payload.
Does anyone in the JoomlaPlates community know anything about this?
by joflatz
The reported vulnerability has been CONFIRMED and FIXED. The Astroid Framework for Joomla had a critical security flaw where admin-only AJAX endpoints relied solely on Session::checkToken() for authentication. This token validates CSRF protection but does not verify that a valid admin session exists. An unauthenticated attacker could obtain a token from the admin login form and use it to perform privileged actions.
If .htaccess blocks access to /administrator/, the attacker cannot reach the login page and therefore cannot obtain the token. In that case, the vulnerability is effectively not exploitable from outside.
Please protect your backend with .htaccess
PS We are working on a fix tonight
Documentation:
www.joomlaplates.de/dokumentation.html
by joomlaplates
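The flaw the moderator describes (a CSRF token check standing in for an authentication check) is a general pattern, so here is an added illustration of the vulnerable shape beside a hardened one. This is example code written for this thread, not Astroid's or JoomlaPlates' source. It assumes a Joomla 4 environment and uses the public Joomla API (`Session::checkToken()`, `Factory::getApplication()->getIdentity()`, `User::authorise()`); the controller, task names and the `com_astroid` asset name are illustrative.

```php
<?php
// Added example (not Astroid's or JoomlaPlates' code): an admin-side AJAX
// handler in the vulnerable shape described in the thread, beside a hardened
// form. Assumes a bootstrapped Joomla 4 application. Class and method names
// are the public Joomla API; the controller/task names and the asset name
// 'com_astroid' are assumptions made for illustration.

use Joomla\CMS\Factory;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\Session\Session;

class AjaxController extends BaseController
{
    // VULNERABLE pattern: the only gate is the form token. checkToken() proves
    // the request carries a token matching the *current* session, but a fresh,
    // unauthenticated session already has one (it is embedded in the login
    // form), so passing this check says nothing about whether anyone is
    // logged in, let alone an administrator.
    public function saveVulnerable(): void
    {
        if (!Session::checkToken()) {
            throw new \Exception('Invalid token', 403);
        }

        $this->doPrivilegedWork();
    }

    // HARDENED pattern: keep the CSRF check and add the two things it does not
    // give you, an authenticated identity and a permission on the component.
    public function save(): void
    {
        $app  = Factory::getApplication();
        $user = $app->getIdentity();

        // 1. CSRF: still required, still insufficient on its own.
        if (!Session::checkToken()) {
            throw new \Exception('Invalid token', 403);
        }

        // 2. Authentication: a guest session is exactly what an outside
        //    caller holds, so reject it before doing anything else.
        if ($user === null || $user->guest) {
            throw new \Exception('Authentication required', 401);
        }

        // 3. Authorisation: the action is admin-only, so ask the ACL for a
        //    management permission scoped to this component.
        if (!$user->authorise('core.manage', 'com_astroid')) {
            throw new \Exception('Not permitted', 403);
        }

        $this->doPrivilegedWork();
    }

    private function doPrivilegedWork(): void
    {
        // Whatever the endpoint actually does (write settings, files, etc.).
    }
}
```

The .htaccess workaround from the post works because it removes the attacker's source of tokens (the login form under /administrator/), but it is an exposure reduction, not a fix: the endpoint itself still trusts a token alone. The hardened handler above is what closes the hole, and the three checks are independent, so each failure returns before any privileged work runs.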
Thanks for the reply, I'm looking forward to the patch like probably many other Astroid users - currently all my client sites are blocked.
by joflatz