More than 6,700 WordPress sites have been infected by the new Balada Injector malware - Tech Times


More than 6,700 WordPress sites fell victim to a sophisticated cyber campaign that deployed the infamous Balada Injector malware.

Initially discovered by Dr. Web researchers, this coordinated attack began in mid-December, targeting vulnerabilities in WordPress themes and plugins.

It was shockingly revealed that the Balada Injector had been running a massive operation since 2017, compromising over 17,000 WordPress sites.

WordPress Backdoor:

A malicious version of the Popup Builder plugin is believed to be linked to the new Balada Injector, affecting more than 6,700 WordPress sites.

According to a report by Bleeping Computer, attackers are strategically placing backdoors on compromised websites, redirecting visitors to fraudulent support pages, lottery schemes and notification scams.


A recent surge in attacks

The latest campaign appeared on December 13, 2023, just days after the discovery of CVE-2023-6000, a cross-site scripting (XSS) vulnerability affecting Popup Builder 4.2.3 and older.

Popup Builder, which is used on 200,000 websites to create custom popups, became the focal point of the operation.

Sucuri, a leading website security company, reported that Balada Injector rapidly integrated an exploit for the flaw.

According to cybersecurity researchers, attackers manipulated the “sgpbWillOpen” event in Popup Builder, so that malicious JavaScript code stored in the site's database executed when the popup was activated.

In addition to exploiting Popup Builder, threat actors resorted to a secondary infection method. They tampered with the wp-blog-header.php file by injecting the same JavaScript backdoor into the compromised sites.
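A defender-side triage check for the two infection paths described above, as an added example that is not code from Sucuri, Bleeping Computer or the plugin's authors. The marker patterns are generic heuristics chosen for illustration, the sample inputs are constructed, and the helper names are hypothetical; the version threshold and the `sgpbWillOpen` event name come from the article.

```python
import re

# Page: CVE-2023-6000 affects Popup Builder 4.2.3 and older.
LAST_VULNERABLE = (4, 2, 3)
# Assumption: generic markers of injected script loaders, not Balada-specific signatures.
SUSPICIOUS = re.compile(
    r"<script|createElement\(\s*['\"]script|String\.fromCharCode"
    r"|atob\(|eval\(|base64_decode", re.I)

def plugin_version(header_text):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t*#/]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True if version <= 4.2.3; an unreadable version is treated as vulnerable."""
    if version is None:
        return True
    v = list(version)
    while len(v) > 1 and v[-1] == 0:  # treat 4.2.3.0 the same as 4.2.3
        v.pop()
    return tuple(v) <= LAST_VULNERABLE

def scan_blog_header(php_source):
    """wp-blog-header.php should only load WordPress; return any script markers."""
    return [m.group(0) for m in SUSPICIOUS.finditer(php_source)]

def scan_popup_handlers(db_dump):
    """Return (line_no, has_marker) for every dump line that hooks sgpbWillOpen."""
    return [(n, bool(SUSPICIOUS.search(line)))
            for n, line in enumerate(db_dump.splitlines(), 1)
            if "sgpbWillOpen" in line]

# Constructed samples (not taken from a real site; the 'js' meta key is made up).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Popup Builder\n * Version: 4.2.3\n */\n"
SAMPLE_CLEAN = "<?php\nif ( ! isset( $wp_did_header ) ) {\n\trequire_once __DIR__ . '/wp-load.php';\n}\n"
SAMPLE_TAMPERED = SAMPLE_CLEAN + "<script src=\"https://cdn.example.invalid/x.js\"></script>\n"
SAMPLE_DUMP = (
    "INSERT INTO wp_postmeta VALUES (1,10,'title','Welcome');\n"
    "INSERT INTO wp_postmeta VALUES (2,10,'js','sgpbWillOpen: console.log(1)');\n"
    "INSERT INTO wp_postmeta VALUES (3,11,'js','sgpbWillOpen: eval(atob(\"...\"))');\n"
)

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable(plugin_version(SAMPLE_HEADER)))
    print("header markers:", scan_blog_header(SAMPLE_TAMPERED))
    print("popup hooks:", scan_popup_handlers(SAMPLE_DUMP))
```

A hit on `sgpbWillOpen` alone is not proof of compromise, since legitimate popups can attach custom code to that event; lines that also carry a marker deserve review first.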

Secret back door operations

The Felody backdoor, a staple of the Balada Injector arsenal, is highly capable: it can execute arbitrary PHP code, upload files, communicate with the attackers, and load additional payloads.

As of now, the Balada Injector campaign has hit 6,700 sites. Sucuri's analysis of attack domains suggests deliberate efforts to obfuscate the origin of attackers, including the use of Cloudflare firewalls.

Protecting a site from the Balada Injector requires immediate action from WordPress site administrators. Updating themes and plugins to the latest versions, removing redundant or unsupported ones, and reducing the number of active plugins on the site all help strengthen protection against automated attacks.

You don't want to get malware on your WordPress site, so the best thing you can do is update your plugins regularly.

What happened in 2022 should be reason enough for every WordPress user to secure their websites. At that time, millions of pieces of sensitive information were leaked. The vulnerability was discovered in the WordPress cloning plugin UpdraftPlus.

Experts blamed UpdraftPlus's implementation, calling it poor and easy to access. This is why the flaw spread quickly, putting millions of WordPress users at great risk.

Again, there is no harm in updating your WP plugins. It may take you a few minutes, but you can rest assured that your site is secure and protected from unwanted attacks by outsiders and threat actors.


ⓒ 2024 All rights reserved. Do not reproduce without permission.
