Third-party code, API security, Security Staff Acquisition & Development

Balada Injector campaign compromises thousands of WordPress sites

Share

SecurityWeek reports that more than 17,000 WordPress sites, including 9,000 sites vulnerable to the recently addressed TagDiv Composer front-end page builder plugin flaw, tracked as CVE-2023-3169, have been infected as part of the long-running Balada Injector campaign. Malicious code injected into a certain WordPress database facilitated by the exploitation of the vulnerability enabled site access that was then leveraged by threat actors to deploy plugins and backdoors, as well as create admin accounts that would ensure persistence, a Sucuri report revealed. "We observed a rapid cycle of modifications to their injected scripts alongside new techniques and approaches. We saw randomized injections and obfuscation types, simultaneous use of multiple domains and subdomains, abuse of CloudFlare, and multiple approaches to attack administrators of infected WordPress sites," said Sucuri, which previously noted in April that the Balada Injector campaign has already compromised more than 1 million WordPress sites during the past six years.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.