Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Jan 15, 2024
Website Security / Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector . First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech support pages, fraudulent lottery wins, and push notification scams. Subsequent findings unearthed by Sucuri have revealed the massive scale of the operation , which is said to have been active since 2017 and infiltrated no less than 1 million sites since then. The GoDaddy-owned website security company, which detected the latest Balada Injector activity on December 13, 2023, said it identified the injections on over 7,100 sites . These attacks take advantage of a high-severity flaw in Popup Builder ( CVE-2023-6000 , CVSS score: 8.8) – a plugin with more than 200,000 active installs – that