Multiple Balada Injector operations targeting over 17,000 WordPress websites have taken advantage of known vulnerabilities in premium theme plugins.
According to a report by Bleeping Computer, more than 17,000 WordPress websites have been targeted by multiple Balada Injector campaigns that exploit known vulnerabilities in premium theme plugins.
Balada Injector plants a Linux backdoor on websites by taking advantage of these vulnerabilities.
This backdoor, which is probably part of a fraud operation or provided as a service to criminals, redirects users to bogus tech support pages, fake lottery wins, and push notification scams.
According to Sucuri’s April 2023 report, Balada Injector has been in operation since 2017 and has impacted about a million WordPress websites.
The most recent campaign targets a particular flaw in tagDiv Composer, a plugin that is commonly used with well-known WordPress themes like Newspaper and Newsmag. This flaw, identified as CVE-2023-3169, puts a significant number of websites at risk.
The attacks began in mid-September, when the vulnerability's specifics were made public and threat actors were able to insert malicious code that redirects users to fraudulent websites.
Six attack waves have been launched, each with a distinct strategy. According to Sucuri's analysis, this campaign has already impacted thousands of websites. Unfamiliar script injections and hidden code in the website's database are indicators of this exploitation.
Update the tagDiv Composer plugin to version 4.2 or above to defend against Balada Injector. Additionally, it is highly recommended that website owners update their themes as soon as possible, use security plugins like Wordfence, and reset their passwords.
Sucuri also provides a free scanner to help find possible problems. Website owners need to be alert and adopt preventative security measures to protect themselves from Balada Injector since attackers adapt swiftly.
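The two checks described above (a tagDiv Composer version of at least 4.2, and script tags stored in database values) can be triaged with a short script. This is an added example, not code from Sucuri or tagDiv; the row names, hosts and allowlist are constructed, and the script-tag heuristic is a generic one, not a Balada Injector signature.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MIN_FIXED = (4, 2)  # from the article: tagDiv Composer 4.2 or above

def is_patched(installed: str) -> bool:
    """True if a version string such as '4.2' or '4.2.1' is at least 4.2."""
    parts = [int(p) for p in re.findall(r"\d+", installed)[:2]]
    parts += [0] * (2 - len(parts))          # '4' is treated as 4.0
    return tuple(parts) >= MIN_FIXED

class ScriptFinder(HTMLParser):
    """Collects <script> tags found anywhere in a stored value."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self.inline += 1

def audit_rows(rows, allowed_hosts):
    """Return (row_name, kind, detail) findings for (name, value) rows."""
    findings = []
    for name, value in rows:
        finder = ScriptFinder()
        finder.feed(value)
        finder.close()
        for src in finder.external:
            host = urlparse(src).hostname     # None for same-site relative paths
            if host and host not in allowed_hosts:
                findings.append((name, "external-script", host))
        if finder.inline:
            findings.append((name, "inline-script", str(finder.inline)))
    return findings

# Constructed sample rows (name, stored value); hosts are reserved example domains.
SAMPLE_ROWS = [
    ("demo_header_html", '<script src="https://cdn.example.net/menu.js"></script>'),
    ("demo_theme_settings", 'a:1:{s:4:"html";s:48:"<script src="//stats.example.org/t.js"></script>";}'),
    ("demo_footer_html", "<p>Contact us</p><script>var x = 1;</script>"),
    ("demo_site_title", "My Blog"),
]

if __name__ == "__main__":
    print(is_patched("4.1"), audit_rows(SAMPLE_ROWS, {"cdn.example.net"}))
```

Feed it rows exported from the site's database and an allowlist of script hosts the site is known to use; every finding is a prompt for manual review, since legitimate widgets can also store scripts.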